GCP Professional Cloud Security Engineer Practice Question
Your security team needs a single organization-level aggregated sink that forwards only Cloud Audit Data Access logs produced by BigQuery to a dedicated BigQuery dataset in a central logging project. All other log types must be excluded to reduce ingestion costs. Which advanced logs filter should you configure on the sink to meet these requirements while exporting the minimum possible volume of logs?
resource.type="bigquery_dataset" AND logName="projects/*/logs/cloudaudit.googleapis.com%2Factivity"
protoPayload.methodName:"google.cloud.bigquery.*" AND severity>=NOTICE
logName="projects/*/logs/cloudaudit.googleapis.com%2Fdata_access" AND protoPayload.serviceName="bigquery.googleapis.com"
Cloud Audit Data Access logs have the log name that ends with cloudaudit.googleapis.com%2Fdata_access. To further restrict the export to BigQuery activity, the filter must also match the service that generated the audit entry: protoPayload.serviceName="bigquery.googleapis.com". Combining both conditions guarantees that only BigQuery Data Access audit logs are selected, excluding Admin Activity, System Event, Policy Denied, and Data Access logs from other services.
The correct filter therefore uses:
logName="projects/*/logs/cloudaudit.googleapis.com%2Fdata_access" to capture only Data Access logs from every project under the organization.
protoPayload.serviceName="bigquery.googleapis.com" to restrict the logs to BigQuery.
The other options are incorrect:
The expression that relies solely on the log name with bigquery.googleapis.com%2Fdata_access is invalid because BigQuery audit logs are recorded under cloudaudit.googleapis.com, not a service-specific path.
The filter that matches only protoPayload.methodName allows other log types (for example Admin Activity) and includes non-BigQuery services using similar method prefixes, exporting extra logs.
The filter that targets resource.type="bigquery_dataset" and cloudaudit.googleapis.com%2Factivity captures Admin Activity logs, not Data Access, and would miss Data Access logs entirely.
Therefore the first filter is the only one that exports exactly the required subset.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Cloud Audit Logs in GCP?
Open an interactive chat with Bash
Why restrict logs using `protoPayload.serviceName`?
Open an interactive chat with Bash
What is the purpose of an aggregated sink in GCP logging?
Open an interactive chat with Bash
What are Cloud Audit Logs used for?
Open an interactive chat with Bash
What is the significance of 'cloudaudit.googleapis.com%2Fdata_access' in the filter?
Open an interactive chat with Bash
Why is 'protoPayload.serviceName="bigquery.googleapis.com"' important in the filter?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .