Your company has a Google Cloud resource hierarchy with folders for production, test, and development. Your cyber security team needs to review your company’s Google Cloud security posture to accelerate security issue identification and resolution. You need to centralize the logs generated by Google Cloud services from all projects inside your production folder to allow for alerting and near real-time analysis. What should you do?
A. Enable the Workflows API and route all the logs to Cloud Logging.
B. Create a central Cloud Monitoring workspace and attach all related projects.
C. Create an aggregated log sink associated with the production folder that uses a Pub/Sub topic as the destination.
D. Create an aggregated log sink associated with the production folder that uses a Cloud Logging bucket as the destination.
Disclaimer
This is a practice question. There is no guarantee that this question will appear in the certification exam.
Answer
C
Explanation
A. Enable the Workflows API and route all the logs to Cloud Logging.
(The Workflows API is not needed.)
B. Create a central Cloud Monitoring workspace and attach all related projects.
(Not possible at folder level.)
C. Create an aggregated log sink associated with the production folder that uses a Pub/Sub topic as the destination.
(A sink is the native GCP feature for routing logs, which rules out A and B. The question also asks for near real-time analysis, and Pub/Sub works better for that than a bucket.
Cloud Logging includes the capability for log archival in Google Cloud Storage and the ability to send logs to Google BigQuery. In addition, Cloud Logging also allows you to forward these logs to any custom endpoint including third party log management services for advanced and tailored log analytics via the near real-time streaming Google Cloud Pub/Sub API.
https://cloudplatform.googleblog.com/2015/06/Real-Time-Log-Streaming-and-Analysis-with-Google-Cloud-Platform-Logentries.html)
D. Create an aggregated log sink associated with the production folder that uses a Cloud Logging bucket as the destination.
(A Cloud Logging bucket does not provide real-time log streaming capabilities. There is a slight delay when using a Cloud Logging bucket.)
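Option C written out as gcloud commands, as an added example that is not part of the original question. It also shows the step the answer text leaves implicit: the sink's writer identity must be granted the Pub/Sub Publisher role on the topic, or nothing is delivered. The folder ID, project, topic and sink names are placeholders, and with DRY_RUN=1 (the default here) the commands are only printed.

```shell
#!/usr/bin/env bash
# Added example: folder-level aggregated log sink with a Pub/Sub destination.
# Every ID and name below is a placeholder, not a value from the question.
FOLDER_ID="${FOLDER_ID:-123456789012}"         # placeholder: production folder ID
LOG_PROJECT="${LOG_PROJECT:-central-logging}"  # hypothetical project that owns the topic
TOPIC="${TOPIC:-prod-folder-logs}"             # hypothetical topic name
SINK="${SINK:-prod-folder-to-pubsub}"          # hypothetical sink name
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print commands only, 0 = execute them

# Sink destinations that point at Pub/Sub use this URI form.
sink_destination() {
  printf 'pubsub.googleapis.com/projects/%s/topics/%s' "$1" "$2"
}

# Print a command; execute it only when DRY_RUN=0.
run() {
  printf '%s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

# --folder attaches the sink to the folder; --include-children makes it
# aggregated, so logs from every project under the folder are routed.
# No --log-filter is given, so all logs match; add one to narrow the stream.
create_sink() {
  run gcloud logging sinks create "$SINK" \
    "$(sink_destination "$LOG_PROJECT" "$TOPIC")" \
    --folder="$FOLDER_ID" --include-children
}

# The sink writes as its own service account; read it back from the sink.
writer_identity() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'serviceAccount:WRITER_IDENTITY_PLACEHOLDER'
  else
    gcloud logging sinks describe "$SINK" --folder="$FOLDER_ID" \
      --format='value(writerIdentity)'
  fi
}

# Let that identity publish to the topic.
grant_publisher() {
  run gcloud pubsub topics add-iam-policy-binding "$TOPIC" \
    --project="$LOG_PROJECT" --member="$1" --role=roles/pubsub.publisher
}

setup_folder_sink() {
  run gcloud pubsub topics create "$TOPIC" --project="$LOG_PROJECT"
  create_sink
  grant_publisher "$(writer_identity)"
}

setup_folder_sink
```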