You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud Project. What should you do?
A.
Enable Audit Logs for all APIs that are related to data storage.
B.
Review the IAM permissions for any role that allows for data access.
C.
Review the Identity-Aware Proxy settings for each resource.
B is the one:
A. Enable Audit Logs for all APIs that are related to data storage. --> That is not the correct answer, if someone with permissions has not accessed or does not access, it will not be listed.
B. Review the IAM permissions for any role that allows for data access. --> That's correct
C. Review the Identity-Aware Proxy settings for each resource. --> Nothing relevant, Proxy? Is configured? The question don't ask or tell something about if it is configured.
D. Create a Data Loss Prevention job. --> Data Loss Prevention nothing to see here.
B. 'Audit logs help you answer "who did what, where, and when?"'(from https://cloud.google.com/logging/docs/audit). So, not who has access, but rather who accessed.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
JelloMan
Highly Voted 2 years, 3 months agoAlejondri
Highly Voted 2 years, 3 months agoccpmad
Most Recent 3 months agoJonassamr
3 months, 2 weeks agosnkhatri
2 years agoNaree
1 year, 1 month agoAzureDP900
2 years, 2 months agoakshaychavan7
2 years, 3 months agoTerzlightyear
2 years, 3 months agosdflkds
2 years, 3 months agoMaltb
2 years, 4 months ago