As part of facilitating an external audit for your travel booking application on GCP, the auditor requests permissions to review GCP Audit Logs and Data Access logs. Which Cloud IAM role should you assign to the auditor?

Real Exam

Explanation:

The correct approach is to assign the auditor the IAM role roles/logging.privateLogViewer and direct them to review logs for changes to Cloud IAM policy. This role grants the necessary permissions to view both Admin Activity and Data Access logs, ensuring a comprehensive audit. Google recommends this method for external audits to maintain security and privacy standards.

Option A is incorrect because exporting logs to Cloud Storage is unnecessary when direct access is provided, and it overlooks the need to review IAM policy changes.
Option C is incorrect due to the unnecessary complexity of a custom role when a predefined role suffices.
Option D is incorrect for similar reasons to Option A, with the added redundancy of exporting logs.

Powered ByGPT-5

Google Associate Cloud Engineer

Get started today

Google Associate Cloud Engineer

Get started today

As part of facilitating an external audit for your travel booking application on GCP, the auditor requests permissions to review GCP Audit Logs and Data Access logs. Which Cloud IAM role should you assign to the auditor?