Answer-first summary for fast verification
Answer: Create a Log Sink at the organization level with the includeChildren parameter, and set the destination to a Pub/Sub topic., Enable Data Access audit logs at the organization level to apply to all projects.
The correct answers are B and C. Option B (Create a Log Sink at the organization level with the includeChildren parameter and set the destination to a Pub/Sub topic) is essential because it ensures logs from all projects in the organization are captured and exported in near real-time via Pub/Sub, meeting both requirements. Option C (Enable Data Access audit logs at the organization level to apply to all projects) is necessary because Data Access audit logs capture API calls that modify configurations, which are disabled by default and must be explicitly enabled. Option A is incorrect as it lacks the includeChildren parameter, failing to capture logs from all projects. Option D is incorrect because Google Workspace audit logs are separate from Google Cloud logs and not required for this scenario. Option E is incorrect as it relates to SIEM processing, not the export setup itself.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to export and audit security logs for Google Cloud console logins and API calls that modify resource configurations. The solution must meet these requirements:
A
Create a Log Sink at the organization level with a Pub/Sub destination.
B
Create a Log Sink at the organization level with the includeChildren parameter, and set the destination to a Pub/Sub topic.
C
Enable Data Access audit logs at the organization level to apply to all projects.
D
Enable Google Workspace audit logs to be shared with Google Cloud in the Admin Console.
E
Ensure that the SIEM processes the AuthenticationInfo field in the audit log entry to gather identity information.
No comments yet.