GCP Professional Cloud Security Engineer Practice Question
Your security team must detect command-and-control (C2) activity originating from Compute Engine VMs in a production VPC and have every Cloud IDS finding available for near-real-time SQL analysis in the organization's centralized "sec-logs" project, which already contains a Log Analytics-enabled log bucket. You want a solution that reuses managed Google Cloud features and minimizes custom code and ongoing maintenance. What should you do?
Create a regional Packet Mirroring policy that mirrors all VM egress traffic to a new Cloud IDS endpoint in the same region, then configure an organization-level aggregated log sink that filters on the Cloud IDS threat log and routes it to the existing "sec-logs" log bucket.
Enable VPC Flow Logs at sampling rate 1.0, export the logs to Pub/Sub, and deploy a Dataflow pipeline that parses the logs and writes C2 events to BigQuery in the "sec-logs" project.
Deploy third-party IDS sensors on a dedicated GKE cluster, forward mirrored traffic to the sensors, and use a custom Fluentd daemonset to push alerts to the "sec-logs" bucket.
Turn on Cloud NGFW in Enterprise tier with threat prevention, then configure Cloud Monitoring alerting policies to copy all firewall threat logs into the "sec-logs" project via Pub/Sub.
Cloud IDS requires a Packet Mirroring policy to receive a copy of the VPC's traffic. When Cloud IDS analyzes that mirrored traffic it generates threat findings that are written automatically to Cloud Logging in the same project and region where the IDS endpoint resides, using the log type ids.googleapis.com/threat. An aggregated sink created at the organization (or folder) level can match this log with a filter such as log_id("ids_threat") and route every matching entry, in near real time, to the existing log bucket in the centralized security project. Because aggregated sinks are managed by Cloud Logging, no custom code, additional services, or third-party collectors are required, and the data becomes immediately queryable with Log Analytics in BigQuery SQL. The other options either miss Cloud IDS entirely, rely on VPC Flow Logs (which do not detect application-layer C2 patterns), or introduce unnecessary custom pipelines and maintenance overhead.
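As an added example (not part of the original question or its answer), the gcloud sequence that implements the chosen option end to end: every project, organization, network, zone and bucket value is a constructed placeholder, and the sink filter selects the ids.googleapis.com/threat log type named above.

```shell
#!/usr/bin/env bash
# Added example: Cloud IDS endpoint -> Packet Mirroring -> org-level aggregated sink.
# All IDs and names are placeholders. DRY_RUN=1 (default) only prints the gcloud
# commands; set DRY_RUN=0 to execute them with an authenticated gcloud.
set -eu

ORG_ID="${ORG_ID:-123456789012}"              # placeholder organization ID
PROD_PROJECT="${PROD_PROJECT:-prod-vpc-project}"
NETWORK="${NETWORK:-prod-vpc}"
SUBNET="${SUBNET:-prod-subnet}"
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"                 # Cloud IDS endpoints are zonal
SEC_PROJECT="${SEC_PROJECT:-sec-logs}"        # centralized security project
SEC_BUCKET="${SEC_BUCKET:-sec-logs-bucket}"   # existing Log Analytics-enabled bucket
SEC_BUCKET_LOCATION="${SEC_BUCKET_LOCATION:-global}"

run() { if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi; }

# Sink destination: the log bucket in the security project (project, location, bucket).
sink_destination() { printf 'logging.googleapis.com/projects/%s/locations/%s/buckets/%s' "$1" "$2" "$3"; }

# Route only Cloud IDS threat findings; log_id() takes the decoded log type name.
threat_filter() { printf 'log_id("ids.googleapis.com/threat")'; }

# 1. Cloud IDS endpoint attached to the production VPC (severity = minimum alert level).
run gcloud ids endpoints create prod-ids --project="$PROD_PROJECT" \
  --network="$NETWORK" --zone="$ZONE" --severity=INFORMATIONAL

# 2. Packet Mirroring policy sending subnet egress to the endpoint's forwarding rule.
if [ "${DRY_RUN:-1}" = "1" ]; then COLLECTOR="<endpoint forwarding rule>"; else
  COLLECTOR=$(gcloud ids endpoints describe prod-ids --project="$PROD_PROJECT" \
    --zone="$ZONE" --format='value(endpointForwardingRule)'); fi
run gcloud compute packet-mirrorings create prod-ids-mirror --project="$PROD_PROJECT" \
  --region="$REGION" --network="$NETWORK" --mirrored-subnets="$SUBNET" \
  --collector-ilb="$COLLECTOR" --filter-direction=egress

# 3. Organization-level aggregated sink; --include-children covers every child project.
run gcloud logging sinks create ids-threats-to-seclogs \
  "$(sink_destination "$SEC_PROJECT" "$SEC_BUCKET_LOCATION" "$SEC_BUCKET")" \
  --organization="$ORG_ID" --include-children --log-filter="$(threat_filter)"

# 4. The sink's writer identity needs bucketWriter on the destination project.
if [ "${DRY_RUN:-1}" = "1" ]; then WRITER="<sink writer identity>"; else
  WRITER=$(gcloud logging sinks describe ids-threats-to-seclogs \
    --organization="$ORG_ID" --format='value(writerIdentity)'); fi
run gcloud projects add-iam-policy-binding "$SEC_PROJECT" \
  --member="$WRITER" --role=roles/logging.bucketWriter
```

Once the sink is writing, the findings are queryable from the bucket's Log Analytics view without any further pipeline.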