Google Cloud Professional Cloud Security Engineer — Question 256

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.
What should you do?

Answer options

• A. Query Data Access logs.
• B. Query Admin Activity logs.
• C. Query Access Transparency logs.
• D. Query Stackdriver Monitoring Workspace.

Correct answer: B

Explanation

The correct answer is B, as Admin Activity logs specifically record changes made to resources, including the creation of new resources by service accounts. Options A, C, and D do not provide information on resource creation; Data Access logs track data access events, Access Transparency logs focus on access transparency, and Stackdriver Monitoring Workspace is used for monitoring resource performance.