Exam Professional Cloud Security Engineer topic 1 question 201 discussion

B. A: No. Granting monitoring.viewer to security team doesn't help to see the log since log to BQ. C: No. How does the security team to view logs if no log sink created? This option means no log streaming in. D: No. "90 days retention period" and "Security Reviewer" are not the question asked for.

D. Revised for a No-Folder Scenario: Create a single organization-level log sink: Include all child resources (projects) to centralize logging for the entire organization. Configure log filters: If you want to scope the logs (e.g., for "production" projects only), use labels or other identifiers on projects to filter relevant logs into the sink. Destination: Use a log bucket in a dedicated project accessible to the security team. Ensure the log bucket has a minimum retention period of 90 days (or longer if required). Grant Access: Assign the Security Reviewer role to the security operations team at the organization level. This role provides read access to logs across all resources in the organization.

B required external on prem SIEM it is not recommended solution

For sure not A, but I'm not sure B, because it required external SIEM, in my opinion D is the best option

It is B because you need a SIEM to actually analyse the configurations of the environments

B. 1. Create one log sink at the organization level that includes all the child resources. 2. Use as destination a Pub/Sub topic to ingest the logs into the security information and event management (SIEM) on-premises, and ensure that the right team can access the SIEM.

B is good

B makes sense

B https://github.com/GoogleCloudPlatform/community/blob/master/archived/exporting-security-data-to-your-siem/index.md

B makes sense cuz viewer role permits view environments configuration