An operations team must forward all GKE workload logs from project "prod-1" to an external SIEM that can consume messages from Google Cloud Pub/Sub in near-real time through an HTTPS push subscription. They want the simplest, lowest-cost option and do not need to run SQL queries on the data after it leaves Google Cloud. When they create the log sink, which destination should they choose to best meet these requirements?
A dedicated log bucket upgraded to Log Analytics to allow SQL queries on the logs.
A Cloud Storage bucket using the Nearline storage class with an Object Lifecycle rule for long-term retention.
A BigQuery dataset that stores the logs in partitioned tables for later querying.
A Cloud Pub/Sub topic in the prod-1 project, with the SIEM subscribed via a push subscription.
A Cloud Pub/Sub topic is the only log-sink destination that streams entries almost immediately after ingestion and supports push or pull subscriptions. This lets the SIEM receive each log record in near real time with minimal storage cost inside Google Cloud, because Pub/Sub retains messages only briefly. Exporting to BigQuery or a log bucket would store the data in Google Cloud and require additional querying services; exporting to Cloud Storage writes objects in batches, introducing delay and storage charges. A log bucket upgraded to Log Analytics is useful for in-console SQL queries but does not transmit data externally by itself. Therefore, configuring a sink that routes logs to a Cloud Pub/Sub topic in the same project is the correct solution.
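The receiving side of that push subscription, as an added example that is not part of the original question or any vendor's code: a handler for the request body Pub/Sub sends to the SIEM's HTTPS endpoint, which decodes the log entry, drops anything outside the expected scope, and de-duplicates redelivered messages. The subscription name "siem-push", the function names, and the use of resource type "k8s_container" to mean GKE workload logs are assumptions; the sample message is constructed.

```python
import base64
import json

# Assumed subscription name; only the project "prod-1" comes from the question.
EXPECTED_SUBSCRIPTION = "projects/prod-1/subscriptions/siem-push"

def handle_push(body, seen):
    """Handle one push request body. Returns (http_status, event_or_None).
    A 2xx status acknowledges the message; anything else makes Pub/Sub retry."""
    try:
        envelope = json.loads(body)
        if envelope["subscription"] != EXPECTED_SUBSCRIPTION:
            return 403, None                      # not the subscription we serve
        # message.data is the base64-encoded JSON LogEntry written by the sink
        entry = json.loads(base64.b64decode(envelope["message"]["data"]))
        resource = entry["resource"]
        labels = resource["labels"]
        scope = (resource["type"], labels["project_id"])
        key = tuple(str(entry[k]) for k in ("logName", "timestamp", "insertId"))
    except (ValueError, KeyError, TypeError):
        return 400, None                          # malformed envelope or entry
    if scope != ("k8s_container", "prod-1"):
        return 204, None                          # ack, but drop out-of-scope logs
    if key in seen:
        return 204, None                          # at-least-once delivery: duplicate
    seen.add(key)
    return 200, {
        "time": entry["timestamp"],
        "severity": entry.get("severity", "DEFAULT"),
        "namespace": labels.get("namespace_name"),
        "pod": labels.get("pod_name"),
        "container": labels.get("container_name"),
        "payload": entry.get("textPayload") or entry.get("jsonPayload"),
    }

def sample_push_body(insert_id="abc123", subscription=EXPECTED_SUBSCRIPTION):
    """Constructed sample of a push request carrying one GKE container log."""
    entry = {
        "insertId": insert_id,
        "logName": "projects/prod-1/logs/stderr",
        "timestamp": "2024-01-01T00:00:00Z",
        "severity": "ERROR",
        "textPayload": "login failed for user alice",
        "resource": {"type": "k8s_container", "labels": {
            "project_id": "prod-1", "namespace_name": "payments",
            "pod_name": "api-7d9f", "container_name": "api"}},
    }
    data = base64.b64encode(json.dumps(entry).encode()).decode()
    return json.dumps({"subscription": subscription,
                       "message": {"data": data, "messageId": "1"}})
```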
GCP Associate Cloud Engineer
Ensuring successful operation of a cloud solution