0
0
GCPcloud~20 mins

Audit logging in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Audit Logging Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding Audit Log Types in GCP

Which of the following is NOT a standard audit log type provided by Google Cloud Platform?

AAdmin Activity logs
BData Access logs
CSystem Performance logs
DPolicy Denied logs
Attempts:
2 left
💡 Hint

Think about the main categories of audit logs GCP provides for tracking user and system actions.

💻 Command Output
intermediate
2:00remaining
Output of Enabling Audit Logs for a Service

What is the output of the following gcloud command when successfully enabling audit logs for the Compute Engine API?

GCP
gcloud logging sinks create my-sink storage.googleapis.com/my-bucket --log-filter='resource.type="gce_instance"' --project=my-project
AERROR: (gcloud.logging.sinks.create) Permission denied.
BCreated sink [projects/my-project/sinks/my-sink].
CNo sinks created. Invalid filter syntax.
DSink already exists with the same name.
Attempts:
2 left
💡 Hint

Successful creation of a sink shows a confirmation message with the sink's full path.

Configuration
advanced
3:00remaining
Configuring Audit Log Exclusions

Which configuration snippet correctly excludes Data Access logs for BigQuery from being ingested into Cloud Logging?

A
{
  "name": "exclude-bigquery-data-access",
  "filter": "logName:bigquery.googleapis.com AND protoPayload.methodName:dataAccess",
  "description": "Exclude BigQuery Data Access logs",
  "disabled": true
}
B
{
  "name": "exclude-bigquery-data-access",
  "filter": "resource.type=bigquery_resource AND logName:dataAccess",
  "description": "Exclude BigQuery Data Access logs",
  "disabled": false
}
C
{
  "name": "exclude-bigquery-data-access",
  "filter": "logName:bigquery.googleapis.com/dataAccess",
  "description": "Exclude BigQuery Data Access logs",
  "disabled": false
}
D
{
  "name": "exclude-bigquery-data-access",
  "filter": "logName:bigquery.googleapis.com AND protoPayload.methodName:dataAccess",
  "description": "Exclude BigQuery Data Access logs",
  "disabled": false
}
Attempts:
2 left
💡 Hint

Check the filter syntax and ensure the exclusion is enabled.

Troubleshoot
advanced
3:00remaining
Troubleshooting Missing Audit Logs

You notice that Admin Activity audit logs for Cloud Storage are missing in Cloud Logging. Which of the following is the MOST likely cause?

AThe Cloud Storage API is disabled in the project.
BAudit logs are only available for Compute Engine resources.
CThe user has not enabled billing for the project.
DThe logs are delayed by 24 hours before appearing.
Attempts:
2 left
💡 Hint

Audit logs require the service API to be enabled to generate logs.

🔀 Workflow
expert
4:00remaining
Steps to Enable and Verify Audit Logging for a New Service

Arrange the steps in the correct order to enable audit logging for a new Google Cloud service and verify logs are generated.

A1,3,2,4
B2,1,3,4
C1,2,3,4
D3,1,2,4
Attempts:
2 left
💡 Hint

Think about enabling the service first, then generating logs, then exporting if needed, and finally verifying.