ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 77 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 77
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Last week, a company deployed a new App Engine application that writes logs to BigQuery. No other workloads are running in the project. You need to validate that all data written to BigQuery was done using the App Engine Default Service Account.
What should you do?

  • A. 1. Use Cloud Logging and filter on BigQuery Insert Jobs. 2. Click on the email address in line with the App Engine Default Service Account in the authentication field. 3. Click Hide Matching Entries. 4. Make sure the resulting list is empty.
  • B. 1. Use Cloud Logging and filter on BigQuery Insert Jobs. 2. Click on the email address in line with the App Engine Default Service Account in the authentication field. 3. Click Show Matching Entries. 4. Make sure the resulting list is empty.
  • C. 1. In BigQuery, select the related dataset. 2. Make sure that the App Engine Default Service Account is the only account that can write to the dataset.
  • D. 1. Go to the Identity and Access Management (IAM) section of the project. 2. Validate that the App Engine Default Service Account is the only account that has a role that can write to BigQuery.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by tangac at Sept. 6, 2022, 6:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AwesomeGCP
Highly Voted 2 years ago
Selected Answer: A
A. 1. Use StackDriver Logging and filter on BigQuery Insert Jobs. 2. Click on the email address in line with the App Engine Default Service Account in the authentication field. 3. Click Hide Matching Entries. 4. Make sure the resulting list is empty.
upvoted 13 times
Appsec977
1 year, 5 months ago
Stackdriver is now Cloud Operations.
upvoted 2 times
...
...
blacortik
Highly Voted 1 year, 2 months ago
Selected Answer: B
A: This option seems to be about using Cloud Logging and hiding matching entries. However, hiding matching entries wouldn't help in verifying the specific service account used for BigQuery Insert Jobs. C: While restricting permissions in BigQuery is important for security, it doesn't directly help you validate the specific service account that wrote the data. D: While IAM roles and permissions are important to manage access, it doesn't provide a clear process for verifying the service account used for a specific action. In summary, option B provides the appropriate steps to validate that data written to BigQuery was done using the App Engine Default Service Account by examining the Cloud Logging entries.
upvoted 5 times
anciaosinclinado
1 month, 3 weeks ago
Yes, but *hiding* log entries associated with App Engine Default Service Account will help *validate* that all data written to BigQuery was written by such service account. If we show only entries associated to this service account we wouldn't achieve the question objective. So A is correct.
upvoted 1 times
...
...
dija123
Most Recent 7 months, 1 week ago
Selected Answer: B
Agree with B
upvoted 1 times
dija123
7 months ago
I think "Make sure the resulting list is empty" makes answer A is correct not B
upvoted 4 times
...
...
PST21
1 year, 10 months ago
A is correct as last 2 are means of doing it rather than validating it
upvoted 2 times
...
shayke
2 years ago
Selected Answer: C
validate - C
upvoted 1 times
...
tangac
2 years, 1 month ago
Selected Answer: A
https://www.examtopics.com/discussions/google/view/32259-exam-professional-cloud-security-engineer-topic-1-question/
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago