
Answer-first summary for fast verification
Answer: Use the Logs Explorer to search for user activity.
The question requires investigating unauthorized access via a service account key and determining user activity over the past 2 months. Logs Explorer (option D) is the optimal choice because it allows querying audit logs, which capture detailed activity logs including service account usage, API calls, and resource access. This aligns with Google Cloud's documentation for investigating compromised credentials, where audit logs in Cloud Logging are used to detect unauthorized access.

The community discussion strongly supports D (88% consensus, with high upvotes), noting that Cloud Monitoring (B) focuses on metrics, not detailed activity logs, and Security Health Analytics (A) is for security posture assessment, not forensic investigation. The Cloud DLP API (C) is for data protection, not access logging. Thus, D provides the necessary forensic capability to trace service account key usage and associated activities.
Author: LeetQuiz Editorial Team
You need to investigate a potential security incident where a former employee may have used a service account key for unauthorized access to Google Cloud resources within the last two months. How should you proceed to confirm this access and identify the user's activities?
A. Use Security Health Analytics to determine user activity.
B. Use the Cloud Monitoring console to filter audit logs by user.
C. Use the Cloud Data Loss Prevention API to query logs in Cloud Storage.
D. Use the Logs Explorer to search for user activity.