GCP Professional Cloud Architect Practice Question
Your security team defines three separate requirements for GCP audit logs: (1) retain all Admin Activity logs for at least seven years in low-cost cold storage; (2) allow data analysts to run ad-hoc SQL queries on the most recent twelve months of logs; (3) forward critical events to an external SIEM with sub-minute latency. You will create one sink per requirement. Which combination of Logging sink destinations meets the goals with minimal operational overhead?
Pub/Sub topic for seven-year retention, BigQuery dataset used for both analytics and SIEM streaming; no Cloud Storage sink required.
Cloud Storage bucket for seven-year retention, BigQuery dataset for the twelve-month analytics window, and Pub/Sub topic for real-time SIEM streaming.
BigQuery dataset for seven-year retention, Cloud Storage bucket for the twelve-month analytics window, and Pub/Sub topic for SIEM streaming.
Cloud Storage bucket for long-term retention, Pub/Sub topic for the twelve-month analytics window, and BigQuery dataset for SIEM streaming.
Cloud Storage is the most economical destination for long-term, infrequently accessed data and therefore suits the seven-year retention mandate. BigQuery stores log entries in structured tables that can be queried immediately with SQL, so it is the best choice for interactive analysis of the last year of logs. Pub/Sub provides a streaming interface that can push each log entry to downstream subscribers in near real time, allowing the SIEM to ingest events with sub-minute latency. The other answer choices either misuse BigQuery for cold storage, rely on Pub/Sub for long-term retention, or require additional tooling to achieve ad-hoc SQL analysis, so they do not meet all three requirements as cleanly.
GCP Professional Cloud Architect
Ensuring solution and operations excellence