The security team must analyze VPC Flow Logs from every current and future project. All flow logs should be copied to a regional log bucket named flow-hub in a central security project, where they will be queried with Log Analytics. The team does not want to create or modify sinks when new projects are created. Which approach meets these requirements with the least operational effort?
Create an organization-level aggregated sink with includeChildren that filters for VPC Flow Logs only, set the destination to the flow-hub log bucket in the security project, then upgrade that bucket to Log Analytics.
In every project, enable VPC Flow Logs and create a sink that exports them to a BigQuery dataset in the security project, configuring another job to transfer new projects automatically.
Create a log-based metric for VPC Flow Logs and schedule a Dataflow pipeline to stream matching log entries from each project's _Default bucket into a BigQuery table.
Configure a Pub/Sub topic to receive all logs, write a Cloud Function that filters VPC Flow Logs and writes them to the flow-hub bucket, then query the data with BigQuery.
An aggregated log sink created at the organization level automatically receives log entries from all existing and future projects when the includeChildren flag is set. By giving the sink a filter that matches only VPC Flow Logs and setting its destination to the flow-hub log bucket in the security project, every relevant log entry is routed centrally without additional per-project work. Upgrading the destination bucket to Log Analytics enables SQL queries over the stored logs. The other options either require manual sink creation in each project, rely on additional services such as Cloud Functions or Dataflow, or export logs to destinations that Log Analytics cannot query directly.
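The routing described in the explanation, as an added gcloud example that is not part of the original question. The organization ID, security project ID, location and sink name are constructed placeholders, and the IAM grant to the sink's writer identity is a step the page does not mention but that a sink needs before it can write to a bucket in another project.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. ORG_ID, SEC_PROJECT, LOCATION and
# SINK are constructed placeholders; flow-hub is the bucket from the question.
ORG_ID="${ORG_ID:-123456789012}"
SEC_PROJECT="${SEC_PROJECT:-central-security}"
LOCATION="${LOCATION:-us-central1}"
BUCKET="flow-hub"
SINK="${SINK:-org-vpc-flows}"

# Filter matching only VPC Flow Logs, whichever project wrote them.
flow_filter() { printf '%s' 'log_id("compute.googleapis.com/vpc_flows")'; }

# Destination path format for a log bucket: project, location, bucket.
sink_destination() {
  printf 'logging.googleapis.com/projects/%s/locations/%s/buckets/%s' "$1" "$2" "$3"
}

# DRY_RUN=1 (default) prints each command for review instead of running it.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. One sink on the organization node. --include-children covers every
#    existing and future project, so no per-project sinks are needed.
create_sink() {
  run gcloud logging sinks create "$SINK" \
    "$(sink_destination "$SEC_PROJECT" "$LOCATION" "$BUCKET")" \
    --organization="$ORG_ID" --include-children \
    --log-filter="$(flow_filter)"
}

# 2. The sink writes as its own service account. $1 is the writerIdentity from:
#    gcloud logging sinks describe "$SINK" --organization="$ORG_ID" \
#      --format='value(writerIdentity)'
grant_writer() {
  run gcloud projects add-iam-policy-binding "$SEC_PROJECT" \
    --member="$1" --role=roles/logging.bucketWriter
}

# 3. Upgrade the destination bucket so Log Analytics can query it with SQL.
upgrade_bucket() {
  run gcloud logging buckets update "$BUCKET" --project="$SEC_PROJECT" \
    --location="$LOCATION" --enable-analytics
}

# "plan" prints all three steps; WRITER_IDENTITY is a placeholder.
if [ "${1:-}" = plan ]; then
  create_sink; grant_writer "serviceAccount:WRITER_IDENTITY"; upgrade_bucket
fi
```

Run it with the `plan` argument to print the three commands for review; set `DRY_RUN=0` only after replacing the placeholders with real values.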
GCP Associate Cloud Engineer
Ensuring successful operation of a cloud solution