Examtopics

Professional Cloud DevOps Engineer
  • Topic 1 Question 171

    Your company runs an ecommerce business. The application responsible for payment processing has structured JSON logging with the following schema:

    Capture and access of logs from the payment processing application is mandatory for operations, but the jsonPayload.user_email field contains personally identifiable information (PII). Your security team does not want the entire engineering team to have access to PII. You need to stop exposing PII to the engineering team and restrict access to security team members only. What should you do?

    • Apply the conditional role binding resource.name.extract("locations/global/buckets/{bucket}/") == "_Default" to the _Default bucket.

    • Apply a jsonPayload.user_email restricted field to the _Default bucket. Grant the Log Field Accessor role to the security team members.

    • Apply a jsonPayload.user_email exclusion filter to the _Default bucket.

    • Modify the application to toggle inclusion of user_email when the LOG_USER_EMAIL environment variable is set to true. Restrict the engineering team members who can change the production environment variable by using the CODEOWNERS file.

