A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world. You want to discover this network's origin. What should you do?
A.
Search for Create VM entry in the Stackdriver alerting console
B.
Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry
C.
In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry
D.
Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list
I am going to go with C. Answer A doesn't seem to fit because the matter of when a VM was created.
Answer B focuses on Data Access logs which doesn't seem to fit since the matter of creating a network firewall rule
is an Admin activity, not a data access activity.
D focuses on who logged in which is good to know but doesn't answer the question of how the network was created.
C focuses on logging, the selection of network events, and the Create/Insert entry.
Option C is incorrect because the GCE Network logs are not the correct place to search for the creation of a VM instance. The correct place to search for this information is the Activity page, as specified in option B.
Sorry to gripe again, but why on Earth would anybody need to remember this from the top of their mind. You will never be in a situation in which you need to remember this without looking at the available options in the console (or simply Googling it, lol).
In Logs Explorer , Filter "resource.type="gce_firewall_rule" and Query insert Create
You would see below and email address
"methodName": "v1.compute.firewalls.insert",
"authorizationInfo": [
{
"permission": "compute.firewalls.create",
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
clouddude
Highly Voted 3 years, 1 month agoEroc
Highly Voted 3 years, 8 months agotartar
2 years, 11 months agoAugustoKras011111
Most Recent 4 months agoNodummyIQ
6 months agon_nana
5 months, 3 weeks agomegumin
7 months, 3 weeks agoMahmoud_E
8 months, 2 weeks agoAzureDP900
8 months, 2 weeks agocloudmon
1 year, 2 months agovincy2202
1 year, 6 months agoBobch
1 year, 6 months agojoe2211
1 year, 7 months agomuneebarshad
1 year, 10 months agobala786
1 year, 11 months agovictory108
2 years, 1 month agoun
2 years, 1 month agoAusias18
2 years, 3 months agowillan
2 years, 5 months ago