GCP Professional Cloud Security Engineer Practice Question

During a scheduled host-maintenance window, Compute Engine automatically live-migrated a critical VM instance. The operations team must locate the audit entry that proves Google Cloud, not a human user, performed the action and also understand any cost implications of keeping that log. Which Cloud Audit Logs type contains this live-migration record, and what is true about the way that log data is ingested and stored by default?

Data Access logs - these entries capture resource reads and writes, are disabled by default, and incur ingestion charges when enabled.
Policy Denied logs - these entries record IAM authorization failures and incur standard Cloud Logging ingestion charges.
System Event logs - these entries are always generated by Google Cloud services and their ingestion is free of charge.
Admin Activity logs - these entries are always generated but their ingestion is billed against your project's Logging usage.

Report Issue

Answer Description

Automatic live migration is triggered by Google-managed maintenance processes, so the action is written to a System Event audit log, the category reserved for events generated by Google Cloud services rather than by users. System Event logs are always on and cannot be disabled. Like Admin Activity and Policy Denied logs, their ingestion does not count against the project's Logging allotment, so the organization is not charged for storing them in Cloud Logging (although long-term exports could incur separate costs). Data Access logs would only appear if explicitly enabled, and Policy Denied logs record access rejections rather than successful system actions. Admin Activity logs are free but capture only user-initiated administrative operations, not system-initiated maintenance events.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.