Domain 5.3: Viewing audit logs

Which type of Cloud Audit Log records administrative actions that modify the configuration or metadata of resources, and is enabled by default?

You suspect that an unauthorized user has been reading sensitive data from a Cloud Storage bucket. Which type of audit log must be enabled to investigate this?

You need to retain Admin Activity audit logs for 3 years for compliance reasons. By default, Cloud Logging only retains them for 400 days. Which TWO actions should you take to achieve this? (Select TWO)

You want to monitor who is modifying IAM policies and creating new resources in your GCP project. Which type of Cloud Audit Log should you review?

Your compliance team requires that all Data Access audit logs be retained for 3 years for forensic analysis. Cloud Logging only retains these logs for 30 days by default. Which TWO actions should you take to meet this requirement? (Select TWO)

You are troubleshooting an issue and need to find all Admin Activity audit logs related to a specific Compute Engine instance named 'db-server' over the last 2 hours. Where should you go in the Google Cloud Console to build and execute this query?

You are writing a query in the Logs Explorer to find all errors generated by a specific Cloud Function named 'process-data'. Which TWO fields are essential to include in your query to filter the results accurately? (Select TWO)

You want to grant a new employee the ability to view Data Access audit logs. By default, these logs are not visible to users with the basic 'Viewer' role. Which IAM role must you grant them?

You need to investigate who modified the firewall rules in your VPC network yesterday. You want to view the logs that record administrative actions and configuration changes. Which type of Cloud Audit Log should you review?

You want to view the Admin Activity audit logs for your project to see recent changes to Compute Engine instances. You are using the Google Cloud Console. Which tool should you use to query and filter these logs?

Your company is subject to strict compliance regulations that require all Admin Activity audit logs to be retained for exactly 3 years. By default, Cloud Logging only retains these logs for 400 days. Which TWO actions should you take to meet this compliance requirement? (Select TWO)

You suspect that a user accidentally deleted a critical Compute Engine instance yesterday. You need to verify who performed the deletion and when it happened. Which type of Cloud Audit Log should you review?

You are investigating a security incident and need to search through your project's Admin Activity audit logs for the past 7 days. Where in the Google Cloud Console do you go to run queries and filter these logs?

Your compliance department requires that all Admin Activity audit logs be retained for 5 years. By default, Cloud Logging only retains these logs for 400 days. You need to set up a solution to meet the compliance requirement while allowing the security team to perform complex SQL analysis on the historical logs. Which TWO actions should you take? (Select TWO)

A critical Compute Engine instance was unexpectedly deleted. You need to find out which user or service account issued the delete command. Which type of Cloud Audit Log should you review?

You are using the Logs Explorer in the Google Cloud Console. You want to write a query to filter the logs so that you ONLY see Admin Activity audit logs related to Compute Engine instances. Which query filter should you use?

Your organization is subject to strict compliance regulations. You are required to retain all Admin Activity and Data Access audit logs for a period of 3 years. By default, Cloud Logging only retains Admin Activity logs for 400 days and Data Access logs for 30 days. Which TWO actions should you take to meet the compliance requirement? (Select TWO)

You are investigating a security incident and need to find out who deleted a critical Compute Engine instance yesterday. Which type of Cloud Audit Log should you review?

You want to view the Admin Activity audit logs for your project to see recent changes to IAM policies. Where in the Google Cloud Console should you go to view these logs?

You are using the Logs Explorer to investigate an issue. You want to filter the logs to show ONLY Admin Activity audit logs related to Compute Engine instances that were created in the last hour. Which TWO filters must you include in your Logs Explorer query? (Select TWO)

You are investigating a security incident and need to find out who deleted a specific Compute Engine instance yesterday. Which type of Cloud Audit Log should you review?

You want to view the logs for a specific Cloud Function named 'process-payment' to troubleshoot an error. Where in the Google Cloud Console should you go to query and filter these logs efficiently?

Your compliance department requires that all Data Access audit logs be retained for 3 years. Cloud Logging only retains these logs for 30 days by default. Which TWO actions should you take to meet this compliance requirement? (Select TWO)