Google Cloud Professional Cloud Security Engineer — Question 164

A security audit uncovered several inconsistencies in your project's Identity and Access Management (IAM) configuration. Some service accounts have overly permissive roles, and a few external collaborators have more access than necessary. You need to gain detailed visibility into changes to IAM policies, user activity, service account behavior, and access to sensitive projects. What should you do?

Answer options

• A. Configure Google Cloud Functions to be triggered by changes to IAM policies. Analyze changes by using the policy simulator, send alerts upon risky modifications, and store event details.
• B. Enable the metrics explorer in Cloud Monitoring to follow the service account authentication events and build alerts linked on it.
• C. Use Cloud Audit Logs. Create log export sinks to send these logs to a security information and event management (SIEM) solution for correlation with other event sources.
• D. Deploy the OS Config Management agent to your VMs. Use OS Config Management to create patch management jobs and monitor system modifications.

Correct answer: C

Explanation

The correct answer is C because Cloud Audit Logs provide detailed insight into IAM changes, user actions, and service account behaviors, and sending these logs to a SIEM solution allows for effective correlation with other security events. Options A and B do not offer comprehensive visibility across all necessary aspects of IAM management, while D is focused on VM configurations rather than IAM monitoring.