Google Cloud Professional Cloud DevOps Engineer — Question 164
Your company runs services on Google Cloud. Each team runs their applications in a dedicated project. New teams and projects are created regularly. Your security team requires that all logs are processed by a security information and event management (SIEM) system. The SIEM ingests logs by using Pub/Sub. You must ensure that all existing and future logs are scanned by the SIEM. What should you do?
Answer options
- A. Create an organization-level aggregated sink with a siem log bucket as the destination. Set an inclusion filter to include all logs.
- B. Create a folder-level aggregated sink with a siem Pub/Sub topic as the destination. Set an inclusion filter to include all logs. Repeat for each folder.
- C. Create an organization-level aggregated sink with a siem Pub/Sub topic as the destination. Set an inclusion filter to include all logs.
- D. Create a project-level logging sink with a siem Pub/Sub topic as the destination. Set an inclusion filter to include all logs. Repeat for each project.
Correct answer: C
Explanation
The correct answer is C. An organization-level aggregated sink captures logs from every project in the organization, including projects created later, and a Pub/Sub topic is the destination the SIEM ingests from, so this meets the security team's requirement. Option A is incorrect because it directs logs to a log bucket rather than to Pub/Sub. Option D is incorrect because it only addresses individual projects and must be repeated for each one, so it fails to encompass all projects. Option B is not suitable because it requires repeating the configuration for each folder, which is inefficient compared to an organization-level approach.