Exam Professional Cloud Security Engineer topic 1 question 158 discussion

The A and the C are the two possible (12 years retention is not possible with Cloud Logging...max 3650 days) so now the question is...pub/sub or not pub/sub.... in my opinion when it's said...limit overhead, i should go with the A....but not really sure

A: Google recommand to avoid developping new code while it propose service for that => incorrect B: seem to reponse for this needs => correct C: Pub/sub is not using for forwarding log, it is an event notification, and no configuration for the retention 12 years is proposed => incorrect D: how the application will forward the logs to the bucket ? => incorrect

B is OK if the retention period is 10 years. So A should be the best answer https://cloud.google.com/logging/docs/buckets In the Retention period field, enter the number of days, between 1 day and 3650 days, that you want Cloud Logging to retain your logs. If you don't customize the retention period, the default is 30 days.

The best option to meet your requirements is B: Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years. This solution ensures that: Logs are automatically collected and managed by the Cloud Logging agent, reducing manual overhead. Data is stored within the specified European region. A custom retention policy of 12 years is applied, meeting the business requirement for log preservation. plus: Compute Engine instances do not automatically log into Cloud Logging. You need to install an agent to enable this functionality. Specifically, you can use the Ops Agent, which is recommended for new Google Cloud workloads as it combines both logging and monitoring capabilities

Cos A is hassle, and Google never recommend to mess with app code.

B. Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years. Option D is not feasible for a 12-year retention requirement because the default log buckets in Google Cloud's operations suite have a fixed retention period of 365 days, which cannot be changed. If the retention requirement exceeds 365 days, a custom log bucket must be used instead.

Option B: Provides a seamless and integrated logging solution while ensuring compliance with location and retention requirements.

A is unnecessary complexity

Without doubt its between A and C due to obvious retention caveats on log buckets. I choose C because of Google's push to simplify everything and to use their own native services rather than tinkering with your app code. Answer C.

Max custom log retention: https://cloud.google.com/logging/docs/buckets#custom-retention

Selected Answer: A

Option B is the best approach because it leverages the Google Cloud's operations suite Cloud Logging agent for efficient log collection, ensures compliance with data residency requirements by storing logs in the EUROPE-WEST1 region, and allows for setting a custom retention policy of 12 years. This solution balances operational efficiency with compliance and cost-effectiveness.

A is the solution because you can't have a retentioon more than 3650 days

We need a Cloud Storage bucket not a log bucket, as their max log retention period is 10 years, so B and D are out. A does not minimize overhead as it is additional work. That leaves C in my opinion.

B is correct. This option totally makes sense because approach points to decrease overhead and optimize cost.

A With Cloud Storage you can set a maximum retention period of 3,155,760,000 seconds (100 years). You can configure Cloud Logging to retain your logs only between 1 day and 3650 days.

Answer is B. Google recommand to avoid developping new code.