In your role at a financial services and housing loans company, you're responsible for ensuring that all read requests to a Cloud Storage bucket containing highly sensitive client financial data are logged to comply with client mandates. What is the best course of action to meet these requirements?
Explanation:
Option B is correct because enabling Data Access audit logs for the Cloud Storage API ensures that all read requests to the bucket are logged, fulfilling the client's requirement. This includes logging for operations that read the configuration or metadata (ADMIN_READ) and operations that read an object (DATA_READ).
Option A is incorrect as the Data Loss Prevention API is designed for identifying and protecting sensitive data, not for logging access requests.
Option C is incorrect because restricting access to a single service account does not inherently log read requests, which is the primary requirement.
Option D is incorrect since the Identity-Aware Proxy API is used for securing access to applications and resources, not for logging data access requests.
For more information, refer to Google Cloud's documentation on audit logs: https://cloud.google.com/storage/docs/audit-logs#types.