
Your company manages highly sensitive personally identifiable information (PII) data of its clients using Bigtable. The security team requires that all read or write operations, including any metadata or configuration reads of this database table, be logged and stored in the company's Security Information and Event Management (SIEM) system. What is the best approach to achieve this?
A
Install the Ops Agent on the Bigtable instance during configuration. Create a service account with read permissions for the Bigtable instance. Develop a custom Dataflow job using this service account to export logs to the company's SIEM system.
B
Access the Audit Logs page in the Google Cloud console and enable Data Read, Data Write, and Admin Read logs for the Bigtable instance. Create a Pub/Sub topic as a Cloud Logging sink destination and subscribe your SIEM system to this topic.
C
Navigate to the Audit Logs page in the Google Cloud console and enable Admin Write logs specifically for the Bigtable instance. Set up a Cloud Functions instance to export logs from Cloud Logging to your SIEM.
D
Use Cloud Monitoring in the Google Cloud console to create a custom monitoring task for the Bigtable instance to track all changes. Configure an alert using webhook endpoints, with the SIEM endpoint as the recipient.