GCP Professional Cloud Security Engineer Practice Question
Your company operates hundreds of projects spread across several folders in a single Google Cloud organization. Developers in each project rely on the default Cloud Logging buckets for day-to-day troubleshooting and must keep access to those logs. The Security Operations Center wants to run near-real-time SQL correlation queries across all VPC Flow Logs and Cloud IDS threat logs produced anywhere in the organization, but they do not want duplicate records to appear in the central dataset. Which solution provides the required visibility with the least operational overhead while preserving developers' existing log access?
Create a single organization-level aggregated sink with a filter that selects VPC Flow Logs and Cloud IDS threat logs, and route the sink to a BigQuery dataset in a dedicated security project. Leave the sink in its default non-intercepting mode.
Enable Log Analytics in each project and query the resulting BigQuery-powered log buckets through a shared BigQuery connection from the security project.
In every project, enable VPC Flow Logs and Cloud IDS, then create a project-level sink that exports the logs to a Pub/Sub topic which a centralized Dataflow job loads into BigQuery.
Create an organization-level aggregated sink with the intercepting option enabled so the selected logs are routed only to a BigQuery dataset in a security project, preventing them from reaching any child Log Router.
An organization-level aggregated sink automatically includes logs from every descendant folder and project, so it satisfies the requirement to capture all VPC Flow and Cloud IDS logs centrally without per-project maintenance. Leaving the sink in its default non-intercepting mode means the Log Router continues to route matching entries to the individual projects' default log buckets, so developers retain local visibility. Because the projects do not export those logs to the same BigQuery dataset, no duplicate records are written there. An intercepting sink would break developers' access, and creating hundreds of per-project pipelines or enabling Log Analytics in each project adds unnecessary operational burden.
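The sink described in the explanation above, as an added example that is not part of the original question: a dry-run script that builds the `gcloud logging sinks create` command and checks a sink's JSON description for the non-intercepting setting. The organization ID, project, dataset and sink names are placeholder assumptions, and the sample JSON is constructed.

```shell
# Added example; ORG_ID, SEC_PROJECT, DATASET and SINK are placeholder assumptions.
ORG_ID="${ORG_ID:-123456789012}"
SEC_PROJECT="${SEC_PROJECT:-sec-logging}"
DATASET="${DATASET:-org_network_logs}"
SINK="${SINK:-org-netsec-to-bq}"

# Inclusion filter: only VPC Flow Logs and Cloud IDS threat logs, from any project.
sink_filter() {
  printf '%s' 'log_id("compute.googleapis.com/vpc_flows") OR log_id("ids.googleapis.com/threat")'
}

# Build the create command. --include-children makes the sink aggregated;
# --intercept-children is deliberately omitted so child Log Routers still
# deliver matching entries to each project's default log bucket.
create_sink_cmd() {
  printf "gcloud logging sinks create %s bigquery.googleapis.com/projects/%s/datasets/%s --organization=%s --include-children --log-filter='%s'" \
    "$SINK" "$SEC_PROJECT" "$DATASET" "$ORG_ID" "$(sink_filter)"
}

# Audit check: succeed only if the sink JSON on stdin (as printed by
# `gcloud logging sinks describe ... --format=json`) is aggregated and
# does not have interceptChildren set to true.
sink_preserves_dev_access() {
  json=$(cat)
  printf '%s' "$json" | grep -Eq '"includeChildren"[[:space:]]*:[[:space:]]*true' || return 1
  ! printf '%s' "$json" | grep -Eq '"interceptChildren"[[:space:]]*:[[:space:]]*true'
}

# Dry run: print the commands instead of executing them.
create_sink_cmd; echo
echo "gcloud logging sinks describe $SINK --organization=$ORG_ID --format='value(writerIdentity)'"
echo "# then grant that writer identity roles/bigquery.dataEditor on dataset $DATASET"

# Constructed sample of describe output for a correctly configured sink.
SAMPLE_OK='{"name": "org-netsec-to-bq", "includeChildren": true}'
printf '%s' "$SAMPLE_OK" | sink_preserves_dev_access && echo "sink OK: aggregated, non-intercepting"
```

The sink writes nothing until its writer identity has been granted write access to the destination dataset, so the describe and grant steps are part of the setup rather than optional.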
GCP Professional Cloud Security Engineer
Managing operations