GCP Professional Cloud Security Engineer Practice Question
Your company runs hundreds of Google Cloud projects. VPC Flow Logs, Firewall Rules Logging, and Cloud IDS are enabled everywhere, and an organization-level log retention policy already applies through a centralized Cloud Logging bucket. Security operations engineers now request the ability to run ad-hoc SQL joins that correlate findings from Cloud IDS with VPC Flow Logs across all projects. You must satisfy this request while 1) re-using existing Cloud Logging access controls, 2) avoiding the overhead of managing separate analytical storage, and 3) keeping additional storage costs to a minimum. What should you do?
Stream all network logs to Pub/Sub and process them with a Dataflow pipeline that writes into a manually managed BigQuery dataset; have the SOC query the dataset with SQL.
Forward network logs to Security Command Center and use its query interface to perform the required cross-log correlation analysis.
Create an aggregated sink at the organization level that routes all network logs into a new centralized log bucket and enable Log Analytics on that bucket; instruct SOC analysts to run SQL queries from Logs Explorer against the bucket.
Configure a project-level log sink in every project that exports network logs to a dedicated BigQuery dataset; grant the SOC BigQuery Data Viewer access so they can run SQL joins in the BigQuery console.
Upgrading (or creating) a centralized log bucket with Log Analytics turns that Cloud Logging bucket into a BigQuery-backed view that can be queried with standard SQL from Logs Explorer. The underlying BigQuery dataset is provisioned and managed automatically by Cloud Logging, so you do not need to build or operate separate export pipelines or datasets, and the data remains governed by the same Cloud Logging IAM policies applied to the bucket. Exporting or streaming logs to an external BigQuery dataset (or to Cloud Storage and then loading into BigQuery) would duplicate data, require additional infrastructure, and incur extra storage costs. Security Command Center and Cloud Trace do not provide the required ad-hoc SQL join capability over raw network log entries. Therefore, enabling Log Analytics on an organization-level aggregated log bucket best meets all the stated requirements.
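The kind of ad-hoc correlation the SOC is asking for, as an added example that is not part of the original question: a Log Analytics query that joins Cloud IDS threat entries to the VPC Flow Logs records for the same connection within five minutes of the alert. `PROJECT_ID`, `LOCATION` and `BUCKET_ID` are placeholders for the centralized bucket, and the log names and payload field names are assumptions based on the standard Cloud IDS threat and VPC Flow Logs schemas; verify them against your own entries.

```sql
-- Added example. PROJECT_ID, LOCATION, BUCKET_ID are placeholders.
-- Field names are assumed from the standard log schemas.
WITH ids AS (
  SELECT
    timestamp AS alert_ts,
    JSON_VALUE(json_payload.name) AS threat_name,
    JSON_VALUE(json_payload.alert_severity) AS severity,
    JSON_VALUE(json_payload.source_ip_address) AS src_ip,
    JSON_VALUE(json_payload.source_port) AS src_port,
    JSON_VALUE(json_payload.destination_ip_address) AS dest_ip,
    JSON_VALUE(json_payload.destination_port) AS dest_port
  FROM `PROJECT_ID.LOCATION.BUCKET_ID._AllLogs`
  WHERE timestamp >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 1 DAY)
    AND ENDS_WITH(log_name, 'ids.googleapis.com%2Fthreat')
),
flows AS (
  SELECT
    timestamp AS flow_ts,
    JSON_VALUE(resource.labels.project_id) AS project_id,
    JSON_VALUE(json_payload.reporter) AS reporter,
    JSON_VALUE(json_payload.connection.src_ip) AS src_ip,
    JSON_VALUE(json_payload.connection.src_port) AS src_port,
    JSON_VALUE(json_payload.connection.dest_ip) AS dest_ip,
    JSON_VALUE(json_payload.connection.dest_port) AS dest_port,
    SAFE_CAST(JSON_VALUE(json_payload.bytes_sent) AS INT64) AS bytes_sent
  FROM `PROJECT_ID.LOCATION.BUCKET_ID._AllLogs`
  -- Flow window is widened by 5 minutes on the early side of the alert range.
  WHERE timestamp >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 1445 MINUTE)
    AND ENDS_WITH(log_name, 'compute.googleapis.com%2Fvpc_flows')
)
SELECT
  ids.severity,
  ids.threat_name,
  flows.project_id,
  flows.reporter,            -- SRC and DEST reports are kept separate
  ids.src_ip,
  ids.dest_ip,
  ids.dest_port,
  COUNT(*) AS flow_records,
  SUM(flows.bytes_sent) AS total_bytes_sent
FROM ids
JOIN flows
  ON flows.src_ip = ids.src_ip AND flows.src_port = ids.src_port
 AND flows.dest_ip = ids.dest_ip AND flows.dest_port = ids.dest_port
 AND flows.flow_ts BETWEEN TIMESTAMP_SUB(ids.alert_ts, INTERVAL 5 MINUTE)
                       AND TIMESTAMP_ADD(ids.alert_ts, INTERVAL 5 MINUTE)
GROUP BY 1, 2, 3, 4, 5, 6, 7
ORDER BY total_bytes_sent DESC;
```

Both CTEs read the same `_AllLogs` view, so the query touches only the data already held in the bucket and access is governed by the Cloud Logging IAM on that bucket.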
GCP Professional Cloud Security Engineer
Managing operations