Google Cloud Professional Cloud Security Engineer — Question 84

Your Security team believes that a former employee of your company gained unauthorized access to Google Cloud resources some time in the past 2 months by using a service account key. You need to confirm the unauthorized access and determine the user activity. What should you do?

Answer options

• A. Use Security Health Analytics to determine user activity.
• B. Use the Cloud Monitoring console to filter audit logs by user.
• C. Use the Cloud Data Loss Prevention API to query logs in Cloud Storage.
• D. Use the Logs Explorer to search for user activity.

Correct answer: D

Explanation

The correct answer is D because the Logs Explorer allows you to search and analyze logs for specific user activity, which is essential in confirming unauthorized access. Option A is incorrect as Security Health Analytics focuses on security posture rather than detailed user actions. Option B, while useful, does not provide a comprehensive search capability like Logs Explorer. Option C is also not relevant for this purpose, as the Cloud Data Loss Prevention API is intended for data classification and protection rather than directly querying user activity logs.