ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 5.3: Viewing audit logsDomain 5Audit LogsCloud LoggingCompliance

GCP ACE · Question 50 · Domain 5.3: Viewing audit logs

Your organization is subject to strict compliance regulations. You are required to retain all Admin Activity and Data Access audit logs for a period of 3 years. By default, Cloud Logging only retains Admin Activity logs for 400 days and Data Access logs for 30 days.

Which TWO actions should you take to meet the compliance requirement? (Select TWO)

Answer options:

A.

Create a log sink (router) in Cloud Logging

B.

Set the destination of the sink to a Cloud Storage bucket configured with a 3-year retention policy

C.

Export the logs to a Cloud SQL database

D.

Change the default retention period in Cloud Logging settings to 3 years

E.

Take a manual snapshot of the logs every 30 days

How to approach this question

Identify the standard GCP pattern for long-term log retention: Log Router (Sink) -> Cloud Storage.

Full Answer

Create a log sink (router) in Cloud Logging, Set the destination of the sink to a Cloud Storage bucket configured with a 3-year retention policy
To retain logs beyond their default retention periods (or for cost-effective long-term archiving), you must export them. You do this by creating a Log Router Sink in Cloud Logging. For compliance archiving (like a 3-year requirement), the best practice destination is a Cloud Storage bucket. You can further secure this by applying a Bucket Lock (retention policy) to ensure the logs cannot be deleted before the 3 years are up.

Common mistakes

Choosing Cloud SQL as a destination, which is highly expensive and inappropriate for log storage.
49All questions

Practice the full GCP Associate Cloud Engineer Practice Exam 5

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01You are starting a new initiative and need to create a new Google Cloud project using the command...EasyQ02A developer on your team needs to manage App Engine applications, including deploying new version...MediumQ03You have created a new Google Cloud project. You need to allow a specific group of developers to ...MediumQ04Which statement best describes the relationship between Google Cloud projects and billing accounts?EasyQ05Your company wants to be notified immediately in their Slack channel whenever their monthly Googl...Medium
View all 50 questions →