GCP Professional Cloud Security Engineer Practice Question
Your company wants to trigger a Cloud Function whenever Security Command Center (SCC) reports a new HIGH-severity finding. You create a dedicated Pub/Sub topic in a central security project and configure an SCC notification with the filter severity="HIGH" that points to this topic. After deployment, no messages arrive on the topic and the function never runs. All APIs are enabled and the notification shows as active. Which change will allow SCC to publish findings to the topic?
Grant the Cloud Functions default runtime service account the Pub/Sub Publisher role on the destination topic.
Enable Data Access audit logs for securitycenter.googleapis.com in the project that owns the Pub/Sub topic.
Configure a Log Router sink that exports all security logs to the same Pub/Sub topic used by the Cloud Function.
Grant the SCC notifications service account ([email protected]) the Pub/Sub Publisher (roles/pubsub.publisher) role on the destination topic.
SCC publishes finding notifications by using a per-organization service account of the form [email protected]. That account needs permission to write to the destination Pub/Sub topic. Granting the Pub/Sub Publisher role on the topic to this SCC notifications service account lets SCC successfully push messages. Granting the Cloud Functions service account privileges, creating a separate Logging sink, or enabling additional audit logs does not give SCC the rights it needs to publish to the topic, so none of those actions would resolve the issue.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the SCC notifications service account and its role in this setup?
Open an interactive chat with Bash
Why does granting the Cloud Function service account the Pub/Sub Publisher role not work?
Open an interactive chat with Bash
What does the Pub/Sub Publisher role allow in GCP?
Open an interactive chat with Bash
What does the SCC notifications service account do?
Open an interactive chat with Bash
What is the Pub/Sub Publisher role, and why is it needed here?
Open an interactive chat with Bash
Why doesn’t granting the Cloud Functions service account the Pub/Sub Publisher role help?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .