Google Cloud Professional Cloud Security Engineer — Question 342

Your organization 1s developing a new SaaS application on Google Cloud. Stringent compliance standards require visibility into privileged account activity, and potentially unauthorized changes and misconfigurations to the application's infrastructure. You need to monitor administrative actions, log changes to IAM roles and permissions, and be able to trace potentially unauthorized configuration changes. What should you do?

Answer options

• A. Create log sinks to Cloud Storage for long-term retention. Set up log-based alerts in Cloud Logging based on relevant log types. Enable VPC Flow Logs for network visibility.
• B. Deploy Cloud IDS and activate Firewall Rules Logging. Create a custom dashboard in Security Command Center to visualize potential intrusion attempts.
• C. Detect sensitive administrative actions by using Cloud Logging with custom filters. Enable VPC Flow Logs with BigQuery exports for rapid analysis of network traffic patterns.
• D. Enable Event Threat Detection and Security Health Analytics in Security Command Center. Set up detailed logging for IAM-related activity and relevant project resources by deploying Cloud Audit Logs.

Correct answer: D

Explanation

The correct answer is D because it directly addresses the need for detailed logging of IAM-related activities and utilizes Security Command Center for comprehensive threat detection and health analytics. Options A, B, and C, while useful for general monitoring and visibility, do not specifically provide the necessary logging and compliance tracking for IAM roles and permissions as required by the stringent standards.