Google Cloud Professional Collaboration Engineer — Question 51

Your organization has been on G Suite Enterprise for one year. Recently, an admin turned on public link sharing for Drive files without permission from security.
Your CTO wants to get better insight into changes that are made to the G Suite environment. The chief security officer wants that data brought into your existing
SIEM system.
What are two ways you should accomplish this? (Choose two.)

Answer options

• A. Use the Data Export Tool to export admin audit data to your existing SIEM system
• B. Use Apps Script and the Reports API to export admin audit data to your existing SIEM system.
• C. Use Apps Script and the Reports API to export drive audit data to the existing SIEM system
• D. Use the BigQuery export to send admin audit data to the existing SIEM system via custom code
• E. Use the BigQuery export to send drive audit data to the existing SIEM system via custom code.

Correct answer: C, E

Explanation

The correct options are C and E because they specifically address exporting drive audit data, which is crucial for monitoring changes related to Drive file sharing. Options A and B focus on admin audit data, which is not relevant in this context, while option D addresses admin audit data rather than drive audit data, making them unsuitable for the CTO's requirements.