Palo Alto Networks System Engineer – Prisma Cloud — Question 48

Which RQL query should be used to quickly identify any events related to an organization's Google Cloud Platform Big Guery database the in last 24 hours?

Answer options

• A. event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'Google Bigtable Instance'
• B. event from cloud.audit_logs where cloud.service = 'Google Bigquery Dataset'
• C. event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'bigquery.googleapis.com'
• D. event from cloud.audit_logs where cloud.type = 'gcp'

Correct answer: C

Explanation

The correct answer, C, specifically targets the BigQuery service using its API endpoint, ensuring accurate results for the database. Option A refers to Bigtable, which is a different service, while option B points to a dataset rather than the service itself. Option D is too broad and does not focus on the specific service needed.