Google Cloud Professional Cloud Architect — Question 23

Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process.
What should you do?

Answer options

• A. Create custom Google Stackdriver alerts and send them to the auditor
• B. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor
• C. Use cloud functions to transfer log entries to Google Cloud SQL and use ACLs and views to limit an auditor's view
• D. Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket

Correct answer: B

Explanation

The correct answer is B because enabling Logging export to Google BigQuery allows for efficient querying and analysis of the IAM policy changes while using ACLs and views ensures that sensitive data is appropriately restricted. Options A and C do not provide a systematic way to analyze large datasets, and D does not offer the same analytical capabilities as BigQuery, making them less suitable for streamlining the audit process.