ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 153 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 153
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are configuring Cloud Logging for a new application that runs on a Compute Engine instance with a public IP address. A user-managed service account is attached to the instance. You confirmed that the necessary agents are running on the instance but you cannot see any log entries from the instance in Cloud Logging. You want to resolve the issue by following Google-recommended practices. What should you do?

  • A. Export the service account key and configure the agents to use the key.
  • B. Update the instance to use the default Compute Engine service account.
  • C. Add the Logs Writer role to the service account.
  • D. Enable Private Google Access on the subnet that the instance is in.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by activist at Oct. 21, 2023, 11:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
khoukha
Highly Voted 6 months ago
answer is C. For B, they specified that a user manager service account is attached to the instance, so the default one will not gonna be used.
upvoted 5 times
...
xhilmi
Most Recent 4 months, 3 weeks ago
Selected Answer: C
The issue described suggests that the service account associated with the Compute Engine instance may not have the necessary permissions to write logs to Cloud Logging. To resolve this issue following Google-recommended practices, you should choose option C: Add the Logs Writer role to the service account. By adding the Logs Writer role to the service account, you grant the necessary permissions to write logs to Cloud Logging. This role provides the required access for the agents running on the instance to send log entries to Cloud Logging. Make sure to follow the principle of least privilege and only grant the minimum permissions required for your application to function. Therefore, the recommended solution is to add the Logs Writer role to the user-managed service account attached to the Compute Engine instance.
upvoted 1 times
...
nqthien041292
4 months, 4 weeks ago
Selected Answer: C
Vote C
upvoted 2 times
...
mshafa
5 months, 3 weeks ago
Selected Answer: C
Same reason as KHOUKHA.
upvoted 4 times
...
Mar_Mar
6 months ago
B is correct : https://cloud.google.com/logging/docs/agent/logging/troubleshooting#verify_default_service_account_permission
upvoted 2 times
...
activist
6 months, 1 week ago
I think answer C is correct in granting the existing service account the least privilege to write logs.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago