Answer-first summary for fast verification
Answer: Enable Data Access audit logs for the Cloud Storage API to log all read requests.
Option B is correct because enabling Data Access audit logs for the Cloud Storage API ensures that all read requests to the bucket are logged, fulfilling the client's requirement. This includes logging for operations that read the configuration or metadata (ADMIN_READ) and operations that read an object (DATA_READ). Option A is incorrect as the Data Loss Prevention API is designed for identifying and protecting sensitive data, not for logging access requests. Option C is incorrect because restricting access to a single Service Account does not inherently log read requests, which is the primary requirement. Option D is incorrect since the Identity Aware Proxy API is used for securing access to applications and resources, not for logging data access requests. For more information, refer to Google Cloud's documentation on audit logs: [https://cloud.google.com/storage/docs/audit-logs#types](https://cloud.google.com/storage/docs/audit-logs#types).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In your role at a financial services and housing loans company, you're responsible for ensuring that all read requests to a Cloud Storage bucket containing highly sensitive client financial data are logged to comply with client mandates. What is the best course of action to meet these requirements?
A
Scan the bucket using the Data Loss Prevention API to identify sensitive data.
B
Enable Data Access audit logs for the Cloud Storage API to log all read requests.
C
Restrict read access to the data by allowing only a single Service Account.
D
Enable the Identity Aware Proxy API on the project for secure access.
No comments yet.