ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Subtask 3.2: Compliance DesignSecurityAudit LoggingCompliance

GCP PCA · Question 40 · Compliance Design

Your organization requires strict auditing of all GCP resources. The security team needs to know exactly who modified a firewall rule, and they also need to know which users queried a specific BigQuery dataset containing PII. Which TWO types of Cloud Audit Logs must be enabled or analyzed to gather this information? (Select TWO)

Answer options:

A.

Admin Activity logs

B.

System Event logs

C.

Data Access logs

D.

VPC Flow Logs

E.

Policy Denied logs

How to approach this question

Distinguish between logs that record configuration changes and logs that record data reads.

Full Answer

Admin Activity logs, Data Access logs
Cloud Audit Logs are categorized. Admin Activity logs capture changes to resource configurations (like firewall rules) and cannot be disabled. Data Access logs capture reads of data (like a SELECT query in BigQuery) and must be explicitly enabled because they can generate massive volumes of logs.

Common mistakes

Selecting VPC Flow Logs (D) because firewalls are mentioned, but Flow Logs only show network traffic, not the API call that *changed* the firewall rule.
39All questions41

Practice the full GCP Professional Cloud Architect Practice Exam 6

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...MediumQ02CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...MediumQ03CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...HardQ04CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...MediumQ05CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...Easy
View all 50 questions →