GCP Professional Cloud Security Engineer Practice Question
A European bank runs its core payment system in Google Cloud projects under a production folder. Auditors must obtain tamper-evident records whenever Google staff access customer data or configurations in Cloud Spanner, BigQuery, or other services to satisfy GDPR accountability. All Cloud Audit Logs are already exported to an Object Versioning Cloud Storage bucket using an aggregated organization-level sink. Which action meets the requirement with the least additional operational overhead while keeping the audit trail in the same bucket?
Enable Access Transparency on each production project and create a dedicated logging sink per project that exports only Access Transparency entries to the bucket.
Enable Access Transparency at the organization level and rely on the existing aggregated log sink so the new entries are exported automatically.
Enable Access Approval on all production projects so auditors can review and approve every Google support access request before it occurs.
Grant auditors the Logs Explorer role (roles/logging.privateLogViewer) on every production project and instruct them to query for Google access in Admin Activity logs.
Access Transparency adds near real-time Cloud Logging entries whenever Google personnel access customer content or configurations. Enabling the feature at the organization level automatically covers every current and future project, including those in the production folder. Because the security team already exports all log types through an aggregated sink, the new Access Transparency entries are forwarded to the existing immutable Cloud Storage bucket without any extra configuration. Access Approval would add an approval workflow that is unnecessary for simply obtaining audit logs, and creating per-project sinks or granting viewers per project would increase administrative effort.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Access Transparency in Google Cloud?
Open an interactive chat with Bash
How does Access Transparency differ from Access Approval?
Open an interactive chat with Bash
What is an aggregated organization-level log sink in Google Cloud?
Open an interactive chat with Bash
What is Access Transparency in GCP?
Open an interactive chat with Bash
What is an aggregated organization-level logging sink?
Open an interactive chat with Bash
How does Access Approval differ from Access Transparency?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Supporting compliance requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .