Google Cloud Professional Cloud Security Engineer — Question 86
You are tasked with exporting and auditing security logs for login activity events for Google Cloud console and API calls that modify configurations to Google Cloud resources. Your export must meet the following requirements:
- Export related logs for all projects in the Google Cloud organization.
- Export logs in near real-time to an external SIEM.
What should you do? (Choose two.)
Answer options
- A. Create a Log Sink at the organization level with a Pub/Sub destination.
- B. Create a Log Sink at the organization level with the includeChildren parameter, and set the destination to a Pub/Sub topic.
- C. Enable Data Access audit logs at the organization level to apply to all projects.
- D. Enable Google Workspace audit logs to be shared with Google Cloud in the Admin Console.
- E. Ensure that the SIEM processes the AuthenticationInfo field in the audit log entry to gather identity information.
Correct answer: B, C
Explanation
Option B is correct because creating a Log Sink at the organization level with the includeChildren parameter allows you to capture logs from all projects and send them to a Pub/Sub topic for near real-time processing. Option C is also correct since enabling Data Access audit logs ensures that logging applies to all projects under the organization. Options A, D, and E do not meet the requirements for exporting logs in near real-time or are not directly related to capturing the necessary events.