Google Cloud Professional Cloud DevOps Engineer — Question 128

You are configuring Cloud Logging for a new application that runs on a Compute Engine instance with a public IP address. A user-managed service account is attached to the instance. You confirmed that the necessary agents are running on the instance but you cannot see any log entries from the instance in Cloud Logging. You want to resolve the issue by following Google-recommended practices. What should you do?

Answer options

• A. Export the service account key and configure the agents to use the key.
• B. Update the instance to use the default Compute Engine service account.
• C. Add the Logs Writer role to the service account.
• D. Enable Private Google Access on the subnet that the instance is in.

Correct answer: C

Explanation

The correct answer is C because adding the Logs Writer role to the service account grants the necessary permissions for logging. The other options either involve unnecessary complexity, such as exporting a service account key (A) or changing to a default service account (B), which may not resolve the issue. Enabling Private Google Access (D) is not relevant to the logging issue at hand.