
Answer-first summary for fast verification
Answer: Policy Denied audit logs
The question focuses on detecting possible intrusions for IAP-protected applications in a zero trust strategy. While Data Access audit logs (A) show successful access events, Policy Denied audit logs (B) specifically record access attempts blocked by IAP policies, which are critical for identifying unauthorized intrusion attempts. The community discussion shows divided opinions, but B has stronger reasoning for intrusion detection: it highlights denied access attempts that could indicate malicious activity, whereas A shows authorized access that may not reveal intrusions. Admin Activity logs (D) track administrative changes, not user access attempts, and Cloud Identity user log events (C) are less directly related to IAP access control. For alerting on possible intrusions, Policy Denied logs provide the most relevant security events.
Author: LeetQuiz Editorial Team
As part of your organization's zero trust strategy, you use Identity-Aware Proxy (IAP) to protect multiple applications. You need to ingest logs into a Security Information and Event Management (SIEM) system to be alerted to possible intrusions.
Which logs should you ingest and analyze?
A. Data Access audit logs
B. Policy Denied audit logs
C. Cloud Identity user log events
D. Admin Activity audit logs