Exam Professional Cloud Security Engineer topic 1 question 10 discussion

Answer is A. https://cloud.google.com/logging/docs/export/aggregated_sinks

To use the aggregated sink feature, create a sink in a Google Cloud organization or folder and set the sink's includeChildren parameter to True. That sink can then export log entries from the organization or folder, plus (recursively) from any contained folders, billing accounts, or projects. You can use the sink's filter to specify log entries from projects, resource types, or named logs. https://cloud.google.com/logging/docs/export/aggregated_sinks so the Ans is A

By setting the parent resource to folders/NONPROD and includeChildren to True, you specifically capture logs from all projects within the NONPROD folder (test and pre-production). This avoids collecting logs from other parts of the organization.

Answer is A.

Centralized Export: By exporting logs at the folder level with includeChildren set to True, you centralize the logging export process. This setup ensures that all logs from the relevant projects under the NONPROD folder are captured without needing individual setups for each project. Real-Time Processing: Using a Cloud Pub/Sub topic allows for real-time log export to your SIEM, which is beneficial for timely log analysis and monitoring.

It can't be C because exporting logs from each development project individually is more complex to manage and requires subscribing your SIEM to multiple topics.

Answer is A

Option C suggests exporting logs to individual Cloud Pub/Sub topics for each dev project, which may not provide a unified view of all development projects' logs.

As per my understanding the Folder NON PROD has three Projects test,nonprod & dev. The questions unified logs from dev only, setting Children properties on FOLDER will extract logs from other two projects which we do not want . so export logs from dev is only solution here - Correct me if I am wrong here ?

Option A is the recommended logging export strategy to meet the requirements: A. Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project. Subscribe SIEM to the topic. Here's why this option is suitable: It exports logs from all development cloud projects under the NONPROD organization folder, ensuring a unified view. The use of the "includeChildren" property set to True allows you to capture logs from all child projects within the folder hierarchy. Exporting logs to a Cloud Pub/Sub topic provides a scalable and real-time way to stream logs to an external system like your SIEM. Subscribing the SIEM to the Pub/Sub topic enables it to consume and process the logs effectively.

Answer is C

Answer should be C. please refer the below link https://cloud.google.com/logging/docs/export/configure_export_v2#managing_sinks

1. They require a unified view of all Dev projects - didn't however mention pre-prod and test otherwise A would have been the right one. Hence C seems to be more accurate.

Definitely A

Option B is not correct because setting the includeChildren property to False will exclude the test and pre-production projects from the log export. Option C is not correct because it would require you to create a separate Cloud Pub/Sub topic for each development project, which would not meet the requirement to obtain a unified log view of all development projects. Option D is not correct because using a publicly shared Cloud Storage bucket would not provide a secure way to store and access the logs. It is generally not recommended to use publicly shared Cloud Storage buckets for storing sensitive data such as logs.

You can create aggregated sinks for Google Cloud folders and organizations. Because neither Cloud projects nor billing accounts contain child resources, you can't create aggregated sinks for those. which means logs will be for the folder and contains non dev entries as well Ans -C

You can create aggregated sinks for Google Cloud folders and organizations. Because neither Cloud projects nor billing accounts contain child resources, you can't create aggregated sinks for those. So ans has to be c