Exam Professional Cloud Architect topic 1 question 28 discussion

B. https://cloud.google.com/iam/docs/roles-audit-logging#scenario_external_auditors

Think B is better. Export to Bigquery and restrict access to queries with ACLs to auditors

1. Comprehensive Audit Trail: Cloud Logging automatically captures audit logs for all Cloud IAM activity. Exporting these logs to BigQuery provides a centralized and comprehensive audit trail for analysis. 2. Powerful Analysis: BigQuery's analytical capabilities allow auditors to efficiently query and analyze IAM policy changes over the 12-month period. They can filter, aggregate, and generate reports to identify any anomalies or security concerns. 3. Granular Access Control: BigQuery's Access Control Lists (ACLs) and views enable you to precisely control which data the auditors can access. This ensures that they only see the information relevant to their audit without exposing sensitive data. Note: While exporting logs to Cloud Storage is possible, it's less efficient for analysis compared to BigQuery.

Answer B

Option B is the best approach. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor. This method provides robust querying capabilities, ensures that historical IAM policy changes can be analyzed effectively, and allows you to control access securely.

b is correct because it is easier to implement compared to D

READ THIS, ACL is not available in BIG QUERY , thereforeD. Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket

ACLs would provide year-round access to the data which is more privileges than necessary. Logs will need to be retained for a full year because hypothetically, January logs could be looked at in December. Cloud Storage offers signed URLs, and less expensive storage options.

Both B and D are ok. Using cloud storage requires additional setup for auditors, pulling data to BQ. Using BQ would satisfy "streamline and expedite the analysis and audit process"

Based on google documentation B is the correct answer. https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors Dashboard is available in BigQuery to review historic logs and in case anamoly is found elevated access is provided. Access is revoked after audit activities are done.

D - Correct B - his option requires additional work to set up the ACLs and views to limit an auditor's view of the data. This could be time-consuming and complex to implement. Furthermore, BigQuery may not be the ideal tool for auditors who are only interested in reviewing Cloud IAM policy changes.

That‘s the only logical one also Bard is confirming this one

D I will not go with B, as the requirement is once for 12 months. Push the data in Coldline for 12 months and retrieve it during audit is enough. Save costs.

Reading from Cloud Storage raw audit logs (without filtering applied) is everything but streamlined. Imagine the auditor fetching all audit logs, then write some script to analyze them...

B talks about ACL in BigQuery and ACL is not associated with BigQuery but with GCS.

You want to streamline and expedite the analysis and audit process. Big Query, as the data retention is mentioned, and data is related to Cloud IAM policy changes, it is safe to assume long term retention with annual audit.

``To comply with this requirement, a dashboard is available that provides access to the historic logs stored in BigQuery, and on request, to the Cloud Logging Admin Activity logs. The organization creates a Google group for these external auditors and adds the current auditor to the group. This group is monitored and is typically granted access to the dashboard application. During normal access, the auditors' Google group is only granted access to view the historic logs stored in BigQuery. If any anomalies are discovered, the group is granted permission to view the actual Cloud Logging Admin Activity logs via the dashboard's elevated access mode. At the end of each audit period, the group's access is then revoked.'' https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors