Google Cloud Professional Cloud Security Engineer — Question 6

Your team needs to obtain a unified log view of all development cloud projects in your SIEM. The development projects are under the NONPROD organization folder with the test and pre-production projects. The development projects share the ABC-BILLING billing account with the rest of the organization.
Which logging export strategy should you use to meet the requirements?

Answer options

• A. 1. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project. 2. Subscribe SIEM to the topic.
• B. 1. Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project. 2. Process Cloud Storage objects in SIEM.
• C. 1. Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project. 2. Subscribe SIEM to the topic.
• D. 1. Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project. 2. Process Cloud Storage objects in SIEM.

Correct answer: A

Explanation

The correct answer is A because exporting logs to a Cloud Pub/Sub topic with the includeChildren property set to True allows for capturing logs from all nested projects under the NONPROD folder, which is essential for a unified log view. Option B is incorrect as it sets includeChildren to False, which would not capture logs from subprojects. Option C exports logs from each dev project separately, which does not provide a consolidated view, while option D involves creating separate storage buckets that complicate the log management process.