ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 131 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 131
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs and only the operations team can view all the logs. You need to design a solution that meets the security team s requirements while minimizing costs. What should you do?

  • A. Grant each project team access to the project _Default view in the central logging project. Grant togging viewer access to the operations team in the central logging project.
  • B. Create Identity and Access Management (IAM) roles for each project team and restrict access to the _Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.
  • C. Create log views for each project team and only show each project team their application logs. Grant the operations team access to the _AllLogs view in the central logging project.
  • D. Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by khoukha at Oct. 28, 2023, 1:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SahandJ
1 year, 2 months ago
why not B?
upvoted 1 times
...
xhilmi
1 year, 8 months ago
Selected Answer: C
Choose (option C). Creating log views for each project team allows you to tailor access to only show each team their relevant application logs. This fine-grained control ensures that project teams can access their own logs while maintaining isolation from logs of other teams. Granting the operations team access to the _AllLogs view in the central logging project provides them with the necessary visibility across all logs. This approach not only satisfies the security requirements but also minimizes costs by efficiently organizing and restricting access to the logs based on project teams' needs.
upvoted 2 times
...
mshafa
1 year, 9 months ago
C is the answer.
upvoted 2 times
...
koo_kai
1 year, 9 months ago
Selected Answer: C
maybe https://cloud.google.com/logging/docs/logs-views
upvoted 4 times
lelele2023
1 year, 9 months ago
"Custom log views provide you with an advanced and granular way to control access to your logs data. For example, consider a scenario in which you store all of your organization's logs in a central Google Cloud project. Because log buckets can contain logs from multiple Google Cloud projects, you might want to control which Google Cloud projects different users can view logs from. Using custom log views, you can give one user access to logs only from a single Google Cloud project, while you give another user access to logs from all the Google Cloud projects." Regarding _Default view: "Cloud Logging also creates a view for the _Default bucket called _Default. The _Default view for the _Default bucket shows all logs except Data Access audit logs.", be noted it shows "all logs"
upvoted 2 times
...
...
khoukha
1 year, 9 months ago
Answer is B
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel