You want to audit all data access to Cloud Storage buckets in your project and store logs in BigQuery for analysis. Which steps should you take?

hard📝 Best Practice Q15 of 15

GCP - Cloud IAM Advanced

AEnable data access audit logs for Cloud Storage, create a sink with filter resource.type="gcs_bucket", export to BigQuery dataset

BEnable system logs only, create a sink exporting all logs to Cloud Storage

CInstall logging agents on VMs, export logs to BigQuery without filters

DCreate a firewall rule to allow logging traffic, enable data access logs

Step-by-Step Solution

Solution:

Step 1: Enable data access audit logs for Cloud Storage
This ensures logs capture who accessed or changed Cloud Storage buckets.
Step 2: Create a sink with filter resource.type="gcs_bucket" and export to BigQuery
This filters logs to only Cloud Storage bucket access and stores them in BigQuery for analysis.
Final Answer:
Enable data access audit logs for Cloud Storage, create a sink with filter resource.type="gcs_bucket", export to BigQuery dataset -> Option A
Quick Check:
Enable logs + filter + export to BigQuery = audit setup [OK]

Quick Trick: Enable logs, filter by resource, export to BigQuery [OK]

Common Mistakes:

Master "Cloud IAM Advanced" in GCP

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More GCP Quizzes