ExpertEasy1 markMultiple Choice
GCP ACE · Question 48 · Domain 5.3: Viewing audit logs
You are investigating a security incident and need to find out who deleted a specific Compute Engine instance yesterday.
Which type of Cloud Audit Log should you review?
You are investigating a security incident and need to find out who deleted a specific Compute Engine instance yesterday.
Which type of Cloud Audit Log should you review?
Answer options:
A.
Data Access logs
B.
System Event logs
C.
Admin Activity logs
D.
Access Transparency logs
How to approach this question
Differentiate between the types of Cloud Audit Logs.
Full Answer
C.Admin Activity logs✓ Correct
Admin Activity logs
Cloud Audit Logs are divided into several categories. Admin Activity logs contain log entries for API calls and other administrative actions that modify the configuration or metadata of resources. Deleting a VM is an administrative action, so it will be recorded here. Admin Activity logs are always enabled and cannot be disabled.
Common mistakes
Confusing Admin Activity with Data Access logs. Deleting a VM is an Admin Activity. Reading a row from a database is Data Access.
Practice the full GCP Associate Cloud Engineer Practice Exam 7
50 questions · hints · full answers · grading
More questions from this exam
Q01You are starting a new initiative and need to create a new Google Cloud project using the Cloud S...EasyQ02Your company is migrating to Google Cloud and wants to manage user identities centrally. They cur...MediumQ03You have just created a new Google Cloud project and want to deploy a containerized application u...MediumQ04Your finance team wants to perform complex SQL queries on your Google Cloud billing data to analy...MediumQ05You are managing a development project in Google Cloud. You want to ensure that you are notified ...Easy