Google Cloud Associate Cloud Engineer — Question 132

You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?

Answer options

• A. Enable the Identity Aware Proxy API on the project.
• B. Scan the bucket using the Data Loss Prevention API.
• C. Allow only a single Service Account access to read the data.
• D. Enable Data Access audit logs for the Cloud Storage API.

Correct answer: D

Explanation

Enabling Data Access audit logs for the Cloud Storage API is the correct choice because it records all access requests to the data, ensuring compliance with legal requirements. The other options do not provide the necessary logging capability: the Identity Aware Proxy API relates to authentication, the Data Loss Prevention API focuses on data scanning for sensitive information, and restricting access to a single Service Account does not fulfill the logging requirement.