0
0
GCPcloud~20 mins

Data access logs in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Data Access Logs Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
Understanding Data Access Logs Activation

You enable Data Access logs for a Google Cloud Storage bucket. What is the expected behavior immediately after enabling these logs?

AData Access logs only record write operations, not read operations.
BData Access logs start recording all read and write operations on the bucket immediately.
CData Access logs start recording only after 24 hours delay from enabling.
DData Access logs are not generated unless Audit Logs API is explicitly called.
Attempts:
2 left
💡 Hint

Think about what Data Access logs are designed to capture in Google Cloud.

security
intermediate
2:00remaining
Permissions Required for Viewing Data Access Logs

Which IAM role is required for a user to view Data Access logs in Google Cloud's Cloud Logging?

Aroles/audit.logReader
Broles/storage.objectViewer
Croles/logging.viewer
Droles/owner
Attempts:
2 left
💡 Hint

Consider which role grants read access to logs in Cloud Logging.

Architecture
advanced
3:00remaining
Designing a Secure Audit Logging Architecture

You want to ensure Data Access logs for BigQuery are immutable and stored securely for compliance. Which architecture best achieves this?

AExport Data Access logs to a Cloud Storage bucket with Object Versioning and Bucket Lock enabled.
BStore Data Access logs only in Cloud Logging with default retention settings.
CExport Data Access logs to BigQuery and allow users to modify the logs as needed.
DSend Data Access logs to Pub/Sub and delete them after 30 days.
Attempts:
2 left
💡 Hint

Think about how to make logs tamper-proof and retained for compliance.

Configuration
advanced
3:00remaining
Configuring Data Access Logs for Cloud SQL

Which configuration step is necessary to enable Data Access logs for Cloud SQL instances?

AEnable Data Access logs in Cloud Audit Logs settings and configure export to Cloud Logging.
BEnable SQL Insights and Data Access logs are automatically enabled.
CSet the Cloud SQL instance to private IP mode to activate Data Access logs.
DCreate a custom IAM role with Cloud SQL Admin permissions to enable logs.
Attempts:
2 left
💡 Hint

Consider where Data Access logs are managed in Google Cloud.

Best Practice
expert
4:00remaining
Optimizing Cost and Retention for Data Access Logs

Your organization generates large volumes of Data Access logs daily. What is the best practice to optimize cost while retaining logs for 1 year?

ADisable Data Access logs and rely on System Event logs for auditing.
BKeep all Data Access logs only in Cloud Logging with default retention of 30 days.
CExport logs to BigQuery without partitioning and keep indefinitely.
DExport Data Access logs to Cloud Storage with Nearline storage class and set lifecycle to delete after 1 year.
Attempts:
2 left
💡 Hint

Think about storage classes and lifecycle policies for cost-effective long-term retention.