Answer-first summary for fast verification
Answer: Create a log sink for the relevant logs. Send the logs to Pub/Sub. Retrieve the logs from Pub/Sub and push the logs to the SIEM by using Dataflow.
Option C is optimal because it uses a log sink to filter only the relevant logs, minimizing data exposure by not sending unnecessary data. Pub/Sub enables secure, real-time streaming, and Dataflow provides a managed service for processing and transferring logs to the on-premises SIEM, ensuring controlled and efficient data flow. While option B (log view with identity federation) offers access control, it does not facilitate exporting logs externally, making it less suitable for integration with an on-premises SIEM. Option A (BigQuery with workload identity) and option D (Cloud Storage with service account keys) involve storing logs in accessible locations, increasing the risk of data exposure compared to the streaming approach in C.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to provide a subset of Google Cloud logs to an on-premises SIEM while minimizing the risk of data exposure in your cloud environment. What should you do?
A
Create a new BigQuery dataset. Stream all logs to this dataset. Provide the on-premises SIEM system access to the data in BigQuery by using workload identity federation and let the SIEM team filter for the relevant log data.
B
Define a log view for the relevant logs. Provide access to the log view to a principal from your on-premises identity provider by using workforce identity federation.
C
Create a log sink for the relevant logs. Send the logs to Pub/Sub. Retrieve the logs from Pub/Sub and push the logs to the SIEM by using Dataflow.
D
Filter for the relevant logs. Store the logs in a Cloud Storage bucket. Grant the service account access to the bucket. Provide the service account key to the SIEM team.
No comments yet.