Google Cloud Associate Cloud Engineer — Question 306
You have a Bigtable instance that consists of three nodes that store personally identifiable information (PII) data. You need to log all read or write operations, including any metadata or configuration reads of this database table, in your company’s Security Information and Event Management (SIEM) system. What should you do?
Answer options
- A. • Navigate to Cloud Monitoring in the Google Cloud console, and create a custom monitoring job for the Bigtable instance to track all changes. • Create an alert by using webhook endpoints, with the SIEM endpoint as a receiver.
- B. • Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the Bigtable instance. • Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.
- C. • Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read, Data Write and Admin Read logs for the Bigtable instance. • Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.
- D. • Install the Ops Agent on the Bigtable instance during configuration. • Create a service account with read permissions for the Bigtable instance. • Create a custom Dataflow job with this service account to export logs to the company’s SIEM system.
Correct answer: C
Explanation
Option C is correct because Data Read, Data Write and Admin Read are the Data Access audit log types that cover every read and write of table data and every read of metadata or configuration, and a Cloud Logging sink to a Pub/Sub topic routes those logs to the SIEM as a subscriber without any custom export code. Option A relies on Cloud Monitoring, which tracks metrics and alert conditions, not individual read and write operations. Option B only enables Admin Write logs, which record configuration changes and are already written by default as Admin Activity logs, so it captures none of the data reads, data writes or configuration reads the requirement calls for; it also adds a Cloud Functions export step where a Logging sink already does the routing natively. Option D involves unnecessary steps: Bigtable is a managed service with no VM on which to install the Ops Agent, and a custom Dataflow job does not address which audit log types are enabled in the first place.
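As an added example (not part of the question bank or of Google's own documentation), this is the IAM policy fragment that option C's first step amounts to when done outside the console: the `auditConfigs` block that would be merged into the project policy retrieved with `gcloud projects get-iam-policy PROJECT_ID --format=yaml` and applied with `gcloud projects set-iam-policy PROJECT_ID policy.yaml`. The two Bigtable service names are the ones Bigtable audit logs use; project, sink and topic names are placeholders.

```yaml
# Constructed example: Data Access audit log configuration for Bigtable.
# Admin Activity logs (the "Admin Write" type) are always written and cannot
# be turned off, so only the three Data Access log types need enabling here.
auditConfigs:
- service: bigtable.googleapis.com         # data plane: row and cell reads/writes
  auditLogConfigs:
  - logType: DATA_READ                     # every read of table data
  - logType: DATA_WRITE                    # every write of table data
  - logType: ADMIN_READ                    # metadata reads on the data API
- service: bigtableadmin.googleapis.com    # admin API: instances, clusters, tables
  auditLogConfigs:
  - logType: DATA_READ
  - logType: DATA_WRITE
  - logType: ADMIN_READ                    # configuration and metadata reads
```

Option C's second step then becomes a sink that selects only these entries, for example `gcloud logging sinks create bigtable-audit-to-siem pubsub.googleapis.com/projects/my-project/topics/bigtable-audit --log-filter='protoPayload.serviceName=("bigtable.googleapis.com" OR "bigtableadmin.googleapis.com")'`. The command prints the sink's writer service account, which needs `roles/pubsub.publisher` on the topic; the SIEM consumes the log entries through a subscription on that topic. Because Data Access logs on a PII table can be high volume, confirm after enabling them that the sink's filter, rather than the default `_Default` sink, is what carries them to the SIEM, and check the Logging bucket retention and cost.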