Google Cloud Associate Cloud Engineer — Question 246
After a recent security incident, your startup company wants better insight into what is happening in the Google Cloud environment. You need to monitor unexpected firewall changes and instance creation. Your company prefers simple solutions. What should you do?
Answer options
- A. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage. Use BigQuery to periodically analyze log events in the storage bucket.
- B. Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.
- C. Install Kibana on a compute instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.
- D. Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.
Correct answer: B
Explanation
The correct answer is B: Cloud Logging filters can be used to create log-based metrics for the specific firewall and instance actions, and alerts can then be set on those metrics. Option A involves more complex analysis using BigQuery, which may not align with the preference for simple solutions. Option C requires additional setup with Kibana and Pub/Sub, making it less straightforward. Option D, while useful, does not provide as comprehensive monitoring for both firewalls and instances simultaneously.