GCP Professional Cloud Security Engineer Practice Question

Your security team needs to run SQL queries in Log Analytics to identify outbound HTTP requests that Cloud NGFW blocks as command-and-control traffic. You deployed a regional Cloud NGFW Standard tier with layer-7 inspection and enabled logging, but no threat-type entries appear in Cloud Logging. Without adding new third-party services, what change will allow the SOC to obtain the required threat logs?

Enable Firewall Rules Logging on all VPC firewall rules and include full metadata to capture threat information.
Configure Packet Mirroring to feed traffic to Cloud IDS and query the resulting IDS alert logs in Log Analytics.
Migrate the regional Cloud NGFW to the Enterprise tier and enable intrusion prevention with threat logging on each firewall policy rule.
Activate Event Threat Detection in Security Command Center and export its findings to Log Analytics for analysis.

Report Issue

Answer Description

Upgrading the deployment to Cloud NGFW Enterprise tier unlocks signature-based intrusion prevention and threat intelligence. After the upgrade, you must explicitly enable intrusion prevention and threat logging on each relevant firewall policy rule. Only then does Cloud NGFW generate threat-type log entries that Log Analytics can query. Firewall Rules Logging, Security Command Center's Event Threat Detection, or Cloud IDS either lack the necessary telemetry or add extra services and cost without making Cloud NGFW itself emit threat logs.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.