Topic 1 Question 113
You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?
Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.
Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Perform the export of logs to Cloud Storage.
Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.
Comments (17)
Correct Answer is (B):
Background: Google Cloud provides Cloud Audit Logs, which is an integral part of Cloud Logging. It consists of two log streams for each project: Admin Activity and Data Access. Admin Activity logs contain log entries for API calls or other administrative actions that modify the configuration or metadata of resources. Admin Activity logs are always enabled. There is no charge for your Admin Activity audit logs. Data Access logs record API calls that create, modify, or read user-provided data. Data Access audit logs are disabled by default because they can be large.
logging.viewer: The logging.viewer role gives the security admin team the ability to view the Admin Activity logs.
logging.privateLogViewer: The logging.privateLogViewer role gives the ability to view the Data Access logs.
👍 54 ESP_SAP 2020/08/24
For me, B is the correct answer.
👍 17 DarioFama23 2020/07/06
Why is Cloud Storage mentioned here? They are mentioning only access, so why is this coming in the middle?
👍 3 Sathya22 2021/03/15
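The role-to-log-stream split described in the comments can be checked against a policy export. The following is an added example, not part of the original question or any comment: a simplified model of the two roles and two audit log streams named above, in which the project ID, the members and the log entries are constructed sample data.

```python
# Simplified model: only the two roles and two log streams discussed on this page.
# Project, members and log entries below are constructed sample data.
AUDIT_PREFIX = "cloudaudit.googleapis.com%2F"
ROLE_STREAMS = {
    "roles/logging.viewer": {"activity"},
    "roles/logging.privateLogViewer": {"activity", "data_access"},
}
POLICY = {"bindings": [
    {"role": "roles/logging.viewer", "members": ["group:secadmins@example.com"]},
    {"role": "roles/logging.privateLogViewer", "members": ["user:auditor@example.com"]},
]}
LOG = "projects/example-project/logs/" + AUDIT_PREFIX
ENTRIES = [
    {"logName": LOG + "activity", "protoPayload": {"methodName": "SetIamPolicy"}},
    {"logName": LOG + "activity",
     "protoPayload": {"methodName": "google.logging.v2.ConfigServiceV2.UpdateSink"}},
    {"logName": LOG + "data_access", "protoPayload": {"methodName": "storage.objects.get"}},
]

def stream_of(log_name):
    """Return 'activity' or 'data_access' for an audit log name, else None."""
    name = log_name.rsplit("/logs/", 1)[-1]
    return name[len(AUDIT_PREFIX):] if name.startswith(AUDIT_PREFIX) else None

def readable_streams(policy, member):
    """Union of the log streams granted by every role bound to the member."""
    streams = set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            streams |= ROLE_STREAMS.get(binding["role"], set())
    return streams

def visible_entries(policy, member, entries):
    """Entries the member could list under this model."""
    allowed = readable_streams(policy, member)
    return [e for e in entries if stream_of(e["logName"]) in allowed]

def iam_policy_changes(entries):
    """Admin Activity entries that record a SetIamPolicy call."""
    return [e for e in entries if stream_of(e["logName"]) == "activity"
            and e.get("protoPayload", {}).get("methodName", "").endswith("SetIamPolicy")]

if __name__ == "__main__":
    for member in ("group:secadmins@example.com", "user:auditor@example.com"):
        seen = visible_entries(POLICY, member, ENTRIES)
        print(member, sorted(readable_streams(POLICY, member)), len(seen),
              "entries,", len(iam_policy_changes(seen)), "IAM policy change(s)")
```

The same check works on the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`, loaded in place of the constructed `POLICY`.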