Google Cloud Professional Cloud Security Engineer — Question 27
How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?
Answer options
- A. Send all logs to the SIEM system via an existing protocol such as syslog.
- B. Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system.
- C. Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow.
- D. Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs.
Correct answer: C
Explanation
The correct answer is C because configuring Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic allows for scalable and reliable log delivery, with Dataflow sending the logs on to the SIEM system. Option A is less reliable because it relies on a traditional protocol that does not scale. Option B does not provide real-time access and may complicate log management. Option D requires significant development effort and may not be as efficient as the automated solution provided in C.