Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your healthcare enterprise must comply with a policy that any Google administrator access to protected health information (PHI) must be explicitly approved by your security team and later traceable in a single log stream together with regular Cloud Audit Logs. You have already turned on Access Approval for every in-scope project and designated a Google Group to receive approval requests. Which additional action best satisfies the policy requirement for an end-to-end auditable chain of provider access?

  • Enable Access Transparency for the organization and create an aggregated log sink that exports both Access Transparency and Cloud Audit Logs to your central logging project.

  • Deploy a Cloud Function that triggers on Access Approval Pub/Sub notifications and writes a custom record to BigQuery each time a request is granted.

  • Activate automated data inspection jobs in Cloud DLP for the log buckets that hold audit logs.

  • Place the projects inside a VPC Service Controls perimeter and enable dry-run mode to capture any violations.

GCP Professional Cloud Security Engineer
Supporting compliance requirements
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot