Google Associate Cloud Engineer

Get started today

Ultimate access to all questions.

Explanation:

The correct approach is to assign the auditor the IAM role roles/logging.privateLogViewer and direct them to review logs for changes to Cloud IAM policy. This role grants the necessary permissions to view both Admin Activity and Data Access logs, ensuring a comprehensive audit. Google recommends this method for external audits to maintain security and privacy standards.

Option A is incorrect because exporting logs to Cloud Storage is unnecessary when direct access is provided, and it overlooks the need to review IAM policy changes.
Option C is incorrect due to the unnecessary complexity of a custom role when a predefined role suffices.
Option D is incorrect for similar reasons to Option A, with the added redundancy of exporting logs.

Explanation:

Option A is incorrect because exporting logs to Cloud Storage is unnecessary when direct access is provided, and it overlooks the need to review IAM policy changes.
Option C is incorrect due to the unnecessary complexity of a custom role when a predefined role suffices.
Option D is incorrect for similar reasons to Option A, with the added redundancy of exporting logs.

Comments (0)

No comments yet.

As part of facilitating an external audit for your travel booking application on GCP, the auditor requests permissions to review GCP Audit Logs and Data Access logs. Which Cloud IAM role should you assign to the auditor?

Real Exam

Assign the auditor a custom role with logging.privateLogEntries.list permission. 2. Export logs to Cloud Storage.

2.0%

Assign the auditor the IAM role roles/logging.privateLogViewer. 2. Direct the auditor to review logs for changes to Cloud IAM policy.

59.2%

Assign the auditor a custom role with logging.privateLogEntries.list permission. 2. Direct the auditor to review logs for changes to Cloud IAM policy.

12.2%

Assign the auditor the IAM role roles/logging.privateLogViewer. 2. Export logs to Cloud Storage.

26.5%