Exam Professional Cloud Security Engineer topic 1 question 199 discussion

The data_access log name only appears if there was traffic to your resource after you enabled Cloud Audit Logs for IAP. Click to expand the date and time of the access you want to review. Authorized access has a blue i icon. Unauthorized access has an orange !! icon. " https://cloud.google.com/iap/docs/audit-log-howto

I will choose A. Not B because we won't get the valuable information - it just reports what were denied. We are looking for what were not get denied so those can be formed as alerts.

B. Policy Denied audit logs Policy Denied audit logs are crucial because they record instances where access to resources was denied based on your IAP policies. These logs can help you identify and investigate unauthorized access attempts, which are critical for detecting potential intrusions. While Data Access and Admin Activity audit logs provide valuable information about resource access and administrative actions, Policy Denied logs specifically highlight security-related events that could indicate malicious activity.

Policy Denied Audit Logs: These logs capture access attempts denied by Identity-Aware Proxy (IAP) policies. They indicate potential unauthorized or suspicious activity, such as users attempting to access resources they are not authorized for. These logs are critical for identifying possible intrusions or misconfigurations in your zero-trust strategy.

https://cloud.google.com/iap/docs/audit-log-howto#viewing_audit A

To effectively monitor and detect possible intrusions related to IAP-protected applications, focusing on Policy Denied audit logs provides the most relevant insights into access control and denial events. These logs help you track access violations and unauthorized attempts, aligning with your zero trust strategy and enabling timely alerts in your SIEM system.

B. Policy Denied audit logs can show when unauthorized users or devices tried to access protected applications and were blocked, which is crucial for identifying and responding to threats. As part of a zero trust strategy, leveraging Identity-Aware Proxy (IAP) involves closely monitoring and analyzing logs to detect potential intrusions and unauthorized activities.

B. Policy Denied audit logs: These logs contain records of access attempts that were denied by IAP policies. Analyzing these logs can help identify unauthorized access attempts and potential intrusion attempts blocked by IAP.

Answer is B

A is fire

https://cloud.google.com/iap/docs/audit-log-howto#viewing_audit