Google Cloud Associate Cloud Engineer — Question 174

An employee was terminated, but their access to Google Cloud was not removed until 2 weeks later. You need to find out if this employee accessed any sensitive customer information after their termination. What should you do?

Answer options

• A. View System Event Logs in Cloud Logging. Search for the user's email as the principal.
• B. View System Event Logs in Cloud Logging. Search for the service account associated with the user.
• C. View Data Access audit logs in Cloud Logging. Search for the user's email as the principal.
• D. View the Admin Activity log in Cloud Logging. Search for the service account associated with the user.

Correct answer: C

Explanation

The correct answer is C because Data Access audit logs specifically track access to sensitive information, allowing you to see if the terminated employee accessed any customer data. Options A and B focus on System Event Logs, which may not provide details on sensitive data access, while D looks at Admin Activity logs, which are less relevant for tracking data access by the user.