You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. You want to prevent these fields from being written in new log entries as quickly as possible. What should you do?
A. Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.
B. Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.
C. Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.
D. Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
A
Explanation
A. Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.
(https://cloud.google.com/logging/docs/agent/logging/configuration#modifying_log_records
Fluentd is a log collector and processor that is commonly used with Google Cloud Platform. The filter-record-transformer plugin for Fluentd can be used to modify log entries as they are being collected, allowing you to remove sensitive fields from the log entries in real-time before they are written to Stackdriver. This can be done quickly, as it doesn’t require changes on the application code.)
B. Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.
(We need transformer, not reformer.)
C. Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.
(Not an option, since this option may not redact PII data.)
D. Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.
(Irrelevant, as it’s not stopping to write PII data to log entries.)