
Explanation:
Option C is optimal because it uses a log sink to filter only the relevant logs, minimizing data exposure by not sending unnecessary data. Pub/Sub enables secure, real-time streaming, and Dataflow provides a managed service for processing and transferring logs to the on-premises SIEM, ensuring controlled and efficient data flow. While option B (log view with identity federation) offers access control, it does not facilitate exporting logs externally, making it less suitable for integration with an on-premises SIEM. Option A (BigQuery with workload identity) and option D (Cloud Storage with service account keys) involve storing logs in accessible locations, increasing the risk of data exposure compared to the streaming approach in C.
You need to provide a subset of Google Cloud logs to an on-premises SIEM while minimizing the risk of data exposure in your cloud environment. What should you do?
A. Create a new BigQuery dataset. Stream all logs to this dataset. Provide the on-premises SIEM system access to the data in BigQuery by using workload identity federation and let the SIEM team filter for the relevant log data.
B. Define a log view for the relevant logs. Provide access to the log view to a principal from your on-premises identity provider by using workforce identity federation.
C. Create a log sink for the relevant logs. Send the logs to Pub/Sub. Retrieve the logs from Pub/Sub and push the logs to the SIEM by using Dataflow.
D. Filter for the relevant logs. Store the logs in a Cloud Storage bucket. Grant the service account access to the bucket. Provide the service account key to the SIEM team.