0
0
GCPcloud~20 mins

Log Explorer and queries in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Log Explorer Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
Understanding Log Explorer Query Output

You run this Log Explorer query in Google Cloud Platform:

resource.type = "gce_instance"
severity = "ERROR"
"disk"

What will the query return?

AAll log entries from Compute Engine instances regardless of severity that mention the word 'disk'.
BAll log entries from any resource with severity ERROR that mention the word 'disk'.
CAll log entries from Compute Engine instances with severity ERROR that mention the word 'disk'.
DAll log entries from Compute Engine instances with severity ERROR but excluding those mentioning 'disk'.
Attempts:
2 left
💡 Hint

Look at the resource type and severity filters carefully.

🧠 Conceptual
intermediate
2:00remaining
Log Explorer Query Syntax for Time Filtering

Which of these Log Explorer queries correctly filters logs from the last 24 hours?

Atimestamp >= timestamp_sub(current_timestamp(), interval 24 hour)
Btimestamp >= "-24h"
Ctimestamp >= "2024-04-25T00:00:00Z"
Dtimestamp >= "2024-04-26T00:00:00Z"
Attempts:
2 left
💡 Hint

Log Explorer supports relative time syntax like '-24h'.

Configuration
advanced
2:00remaining
Correct Query to Extract HTTP Status Codes

You want to find all HTTP request logs with status code 500 in Log Explorer. Which query is correct?

AhttpRequest.status = 500
BprotoPayload.status = 500
CjsonPayload.status = 500
Dstatus = 500
Attempts:
2 left
💡 Hint

HTTP request logs use a specific field for status codes.

security
advanced
2:00remaining
Detecting Unauthorized Access Attempts Using Log Explorer

Which Log Explorer query best detects unauthorized access attempts to Cloud Storage buckets?

Aresource.type = "gcs_bucket" AND protoPayload.status.code = 7
Bresource.type = "gcs_bucket" AND protoPayload.status.code = 16
Cresource.type = "gcs_bucket" AND protoPayload.authenticationInfo.principalEmail = "unauthorized@example.com"
Dresource.type = "gcs_bucket" AND severity = "ERROR"
Attempts:
2 left
💡 Hint

Look for the status code that means permission denied.

Best Practice
expert
2:00remaining
Optimizing Log Explorer Queries for Performance

You have a large volume of logs. Which query practice improves Log Explorer performance the most?

AUse wildcard characters (*) in text search to match all patterns.
BUse only text search terms without filters to catch all logs.
CUse OR conditions extensively to include many log types.
DUse resource.type and severity filters before text search terms.
Attempts:
2 left
💡 Hint

Filtering by structured fields first reduces data scanned.