ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 115 - Professional Cloud Security Engineer discussion

Report
Export

The security operations team needs access to the security-related logs for all projects in their organization. They have the following requirements:

Follow the least privilege model by having only view access to logs.

Have access to Admin Activity logs.

Have access to Data Access logs.

Have access to Access Transparency logs.

Which Identity and Access Management (IAM) role should the security operations team be granted?

A.
roles/logging.privateLogViewer
Answers
A.
roles/logging.privateLogViewer
B.
roles/logging.admin
Answers
B.
roles/logging.admin
C.
roles/viewer
Answers
C.
roles/viewer
D.
roles/logging.viewer
Answers
D.
roles/logging.viewer
Suggested answer: A

Explanation:

https://cloud.google.com/logging/docs/access-control#considerations roles/logging.privateLogViewer (Private Logs Viewer) includes all the permissions contained by roles/logging.viewer, plus the ability to read Data Access audit logs in the _Default bucket.

asked 18/09/2024
Alireza Noura
27 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first