Answer: Query logs in BigQuery

## Explanation To analyze Cloud Storage access logs for a specific user, the correct approach is to **query logs in BigQuery**. Here's why: 1. **Cloud Storage access logs** can be exported to BigQuery for detailed analysis. When you enable Cloud Storage logging, the logs are stored in Cloud Logging, but for complex queries and analysis, exporting to BigQuery provides more powerful querying capabilities. 2. **BigQuery** allows you to: - Run SQL-like queries on log data - Filter logs by specific users using IAM principal information - Analyze patterns over time - Create custom reports and dashboards - Join log data with other datasets 3. **Why other options are incorrect:** - **B) Use ACL logs**: While ACLs (Access Control Lists) control permissions, they don't provide detailed access logging for specific users. ACL logs aren't a standard feature for analyzing user access patterns. - **C) Enable extra labels**: Labels are metadata tags for organizing resources, not for analyzing access logs. - **D) Delete old objects**: This is unrelated to analyzing access logs and is about storage management. **Best Practice:** To analyze Cloud Storage access logs for a specific user: 1. Enable Cloud Storage audit logging 2. Export logs to BigQuery 3. Query the logs using SQL to filter by user identity 4. Use IAM principal information (like user email or service account) to identify specific users This approach provides comprehensive visibility into user access patterns and helps with security monitoring and compliance requirements.

Author: Rodrigo Sales