Topic 1 Question 110
Your Security team believes that a former employee of your company gained unauthorized access to Google Cloud resources some time in the past 2 months by using a service account key. You need to confirm the unauthorized access and determine the user activity. What should you do?
Use Security Health Analytics to determine user activity.
Use the Cloud Monitoring console to filter audit logs by user.
Use the Cloud Data Loss Prevention API to query logs in Cloud Storage.
Use the Logs Explorer to search for user activity.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: D
D.
We use audit logs by searching the Service Account and checking activities in the past 2 months. (the user identity will not be seen since he used the SA identity but we can make correlations based on ip address, working hour, etc. )
👍 11Medofree2022/05/26 - 正解だと思う選択肢: D
B is intended to mislead the public. Cloud Monitoring provides only metrics. To check user activity is necessary to go to Cloud Logging and search on Audit Logs.
👍 4mikesp2022/06/02 - 正解だと思う選択肢: B
Correct. Answer is (B). Investigate the potentially unauthorized activity and restore the account. Ref.https://support.google.com/a/answer/2984349
👍 3mT32022/05/19
シャッフルモード