
Answer-first summary for fast verification
Answer: 1. Assign the auditor the IAM role `roles/logging.privateLogViewer`. 2. Direct the auditor to review logs for changes to Cloud IAM policy.
The correct approach is to assign the auditor the IAM role `roles/logging.privateLogViewer` and direct them to review logs for changes to Cloud IAM policy. This role grants the necessary permissions to view both Admin Activity and Data Access logs, ensuring a comprehensive audit. Google recommends this method for external audits to maintain security and privacy standards.

- **Option A** is incorrect because exporting logs to Cloud Storage is unnecessary when direct access is provided, and it overlooks the need to review IAM policy changes.
- **Option C** is incorrect due to the unnecessary complexity of a custom role when a predefined role suffices.
- **Option D** is incorrect for similar reasons to Option A, with the added redundancy of exporting logs.
Author: LeetQuiz Editorial Team
As part of facilitating an external audit for your travel booking application on GCP, the auditor requests permissions to review GCP Audit Logs and Data Access logs. Which Cloud IAM role should you assign to the auditor?
- **A.** `logging.privateLogEntries.list` permission. 2. Export logs to Cloud Storage.
- **B.** `roles/logging.privateLogViewer`. 2. Direct the auditor to review logs for changes to Cloud IAM policy.
- **C.** `logging.privateLogEntries.list` permission. 2. Direct the auditor to review logs for changes to Cloud IAM policy.
- **D.** `roles/logging.privateLogViewer`. 2. Export logs to Cloud Storage.