Medium · 1 mark · Multiple Choice
GCP ACE · Question 50 · Domain 5.3: Viewing audit logs
You want to grant a new employee the ability to view Data Access audit logs. By default, these logs are not visible to users with the basic 'Viewer' role.
Which IAM role must you grant them?
Answer options:
A. roles/logging.viewer
B. roles/logging.privateLogViewer
C. roles/viewer
D. roles/iam.securityReviewer
How to approach this question
Know the specific IAM role required for sensitive logs.
Full Answer
B. roles/logging.privateLogViewer ✓ Correct
Data Access audit logs can contain sensitive user data, so Google Cloud restricts access to them. Neither the standard `roles/logging.viewer` role nor the project-level `roles/viewer` role grants access to them. You must explicitly grant `roles/logging.privateLogViewer` (or a higher role such as Logging Admin).
Common mistakes
Assuming the standard Logging Viewer role grants access to all logs.