ExpertEasy1 markMultiple Choice
GCP ACE · Question 48 · Domain 5.3: Viewing audit logs
You are investigating a security incident and need to find out who deleted a critical Compute Engine instance yesterday.
Which type of Cloud Audit Log should you review?
You are investigating a security incident and need to find out who deleted a critical Compute Engine instance yesterday.
Which type of Cloud Audit Log should you review?
Answer options:
A.
Data Access audit logs
B.
System Event audit logs
C.
Admin Activity audit logs
D.
Access Transparency logs
How to approach this question
Match the action (deleting a resource) with the correct audit log type. Modifying resources = Admin Activity.
Full Answer
C.Admin Activity audit logs✓ Correct
Admin Activity audit logs
Cloud Audit Logs are divided into several categories. Admin Activity audit logs record API calls and administrative actions that modify the configuration or metadata of resources. Creating, updating, or deleting a Compute Engine instance falls under this category. These logs are enabled by default and cannot be disabled. Data Access logs, on the other hand, record API calls that read the configuration or metadata of resources, as well as user-driven API calls that create, modify, or read user-provided resource data.
Common mistakes
Confusing Admin Activity (modifying resources) with Data Access (reading data inside resources).
Practice the full GCP Associate Cloud Engineer Practice Exam 6
50 questions · hints · full answers · grading
More questions from this exam
Q01What is the primary purpose of a Google Cloud project?EasyQ02Your development team needs to manage Compute Engine instances in a specific project. They need t...MediumQ03You are automating the setup of a new Google Cloud project using a bash script. You need to enabl...EasyQ04Your startup has a strict monthly cloud budget of $500. You want to be notified immediately if yo...MediumQ05Your finance team wants to perform granular analysis of your Google Cloud spending using SQL. The...Hard