Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Google Discussions

Exam Professional Cloud DevOps Engineer topic 1 question 38 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 38
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. All PII entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?

  • A. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
  • B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.
  • C. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a log exclusion with userinfo as a filter.
  • D. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by devopsbatch at June 2, 2021, 8:27 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
DucLee3110
Highly Voted 2 years, 11 months ago
looks like it is B. https://medium.com/google-cloud/fluentd-filter-plugin-for-google-cloud-data-loss-prevention-api-42bbb1308e76
upvoted 19 times
holahola
2 years, 11 months ago
B to me as well. Because fluentd can filter the logs quite nicely before passing information to Stackdriver. It can cober sensitive information such as credit card details, social security numbers, etc. Once the filtering is done, then the log can be passed to Cloud Storage, but the unfiltered information should not even reach stackdriver, so most of the answers are wrong.
upvoted 5 times
...
akg001
2 years, 11 months ago
to me , looks B is the correct answer .
upvoted 2 times
syslog
2 years, 11 months ago
Why not D?
upvoted 2 times
francisco_guerra
2 years, 10 months ago
prevent them from leaking to Stackdriver Logging. If you need to create a log export & log filter so the information is leaking to logging.
upvoted 6 times
...
...
...
Manh
2 years, 6 months ago
Agree with B
upvoted 1 times
...
irmingard_examtopics
5 months, 1 week ago
Not available any more.
upvoted 1 times
...
...
francisco_guerra
Highly Voted 2 years, 10 months ago
Im not pretty sure but Ans B Prevent them form leaking to Stackdriver logging A: Incorrect, Leaking to Stackdriver B: Correct, not leaking to Stackdriver & fluentD C: Incorrect, Leaking D: If we removed why we need to create a filter matching there will not be logs with userinfo?
upvoted 9 times
...
jomonkp
Most Recent 5 months, 2 weeks ago
Selected Answer: B
option b
upvoted 1 times
...
jeffersonkozak
11 months, 3 weeks ago
Selected Answer: C
A suggests creating a basic log filter and configuring a log export to Cloud Storage, but it does not address preventing the PII entries from leaking to Stackdriver Logging. By creating only a basic log filter, the PII data would still be accessible within Stackdriver Logging.
upvoted 1 times
aswani
10 months ago
are these questions still relevant? @jeffersonkozak
upvoted 1 times
...
...
JonathanSJ
1 year, 4 months ago
Selected Answer: B
B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket. By using Fluentd filter plugin, you can remove log entries that contain PII information and configure it to send to a designated cloud storage bucket. This way you prevent the logs that contain PII from leaking to Stackdriver Logging, and have them stored in a secure location for later review.
upvoted 2 times
...
Greg123123
1 year, 4 months ago
All A,C and D are leaking to stackdriver. So the ans has to be B
upvoted 1 times
...
floppino
1 year, 4 months ago
Selected Answer: B
Ans: B Exam passed and taken on 19/12/2022, 50/50 from this dump without buying the full access and looking for 'devops' word here: https://www.examtopics.com/discussions/google/1/
upvoted 1 times
...
raghupothula
1 year, 5 months ago
Selected Answer: B
will go with B
upvoted 1 times
...
saiprasathdv
1 year, 8 months ago
Selected Answer: B
Option B: https://cloud.google.com/logging/docs/agent/logging/configuration. Custom defined log entries has this structure "[TAG_NAME]+Payload+timestamp+Severity+labels". Here "Userinfo" is the TAG_NAME. Fluentd filter plugins used to filter out logs based on TAG_NAME. finally this could be stored in Cloud storage.
upvoted 3 times
...
GCP72
1 year, 9 months ago
Selected Answer: B
Answer is B
upvoted 1 times
...
mgm7
1 year, 10 months ago
Selected Answer: C
B is a poor answer IMHO because it seems to include a manual task of copying the PII data to the bucket at some later date (cron job or personal intervention, ugly either way). https://cloud.google.com/logging/docs/routing/overview makes it quite clear that this should be taken care by routing and the exclusion filter which would imply that C is the correct answer. "Cloud logging" is only one of the possible sink choices.
upvoted 1 times
mgm7
1 year, 10 months ago
Nevermind... I though B is ugly, if the PII data is removed with the fluentd filter, it will never arrive at the advanced filter.
upvoted 1 times
...
...
TNT87
2 years, 4 months ago
Selected Answer: B
Ans B https://medium.com/google-cloud/fluentd-filter-plugin-for-google-cloud-data-loss-prevention-api-42bbb1308e76
upvoted 2 times
...
garmstrong
2 years, 5 months ago
Selected Answer: B
Agree with B
upvoted 1 times
...
Shasha1
2 years, 5 months ago
A question is about capture logs entries in a secure location for later review, not removing the log sensitive data before store then in a secure location. so answer is A
upvoted 4 times
...
TNT87
2 years, 8 months ago
B https://medium.com/google-cloud/fluentd-filter-plugin-for-google-cloud-data-loss-prevention-api-42bbb1308e76
upvoted 3 times
irmingard_examtopics
5 months, 1 week ago
The author deleted this Medium story.
upvoted 1 times
...
...
j3e
2 years, 10 months ago
B. filter_record_transformer to be exact.
upvoted 3 times
...
Charun
2 years, 10 months ago
B answer
upvoted 5 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel