Google Cloud Professional Cloud Security Engineer — Question 178
A team at your organization collects logs in an on-premises security information and event management system (SIEM). You must provide a subset of Google Cloud logs for the SIEM, and minimize the risk of data exposure in your cloud environment. What should you do?
Answer options
- A. Create a new BigQuery dataset. Stream all logs to this dataset. Provide the on-premises SIEM system access to the data in BigQuery by using workload identity federation and let the SIEM team filter for the relevant log data.
- B. Define a log view for the relevant logs. Provide access to the log view to a principal from your on-premises identity provider by using workforce identity federation.
- C. Create a log sink for the relevant logs. Send the logs to Pub/Sub. Retrieve the logs from Pub/Sub and push the logs to the SIEM by using Dataflow.
- D. Filter for the relevant logs. Store the logs in a Cloud Storage bucket. Grant the service account access to the bucket. Provide the service account key to the SIEM team.
Correct answer: C
Explanation
The correct answer is C because a log sink scoped to the relevant logs routes only that subset to Pub/Sub, and Dataflow then pushes it to the SIEM, so the on-premises system needs no standing access to the cloud environment and no more data than necessary ever leaves it. Option A streams all logs into BigQuery and leaves filtering to the SIEM team, which exposes far more data than the SIEM needs. Option B controls who may read a log view but provides no mechanism for delivering the logs to the SIEM. Option D stores the filtered logs in Cloud Storage but hands a service account key to the SIEM team; distributing that key is itself an exposure risk, which makes it less secure than routing through Pub/Sub.