Exam Professional Cloud Security Engineer topic 1 question 158 discussion

The A and the C are the two possible (12 years retention is not possible with Cloud Logging...max 3650 days) so now the question is...pub/sub or not pub/sub.... in my opinion when it's said...limit overhead, i should go with the A....but not really sure

A: Google recommand to avoid developping new code while it propose service for that => incorrect B: seem to reponse for this needs => correct C: Pub/sub is not using for forwarding log, it is an event notification, and no configuration for the retention 12 years is proposed => incorrect D: how the application will forward the logs to the bucket ? => incorrect

Max custom log retention: https://cloud.google.com/logging/docs/buckets#custom-retention

Selected Answer: A

Option B is the best approach because it leverages the Google Cloud's operations suite Cloud Logging agent for efficient log collection, ensures compliance with data residency requirements by storing logs in the EUROPE-WEST1 region, and allows for setting a custom retention policy of 12 years. This solution balances operational efficiency with compliance and cost-effectiveness.

A is the solution because you can't have a retentioon more than 3650 days

We need a Cloud Storage bucket not a log bucket, as their max log retention period is 10 years, so B and D are out. A does not minimize overhead as it is additional work. That leaves C in my opinion.

B is correct. This option totally makes sense because approach points to decrease overhead and optimize cost.

A With Cloud Storage you can set a maximum retention period of 3,155,760,000 seconds (100 years). You can configure Cloud Logging to retain your logs only between 1 day and 3650 days.

Answer is B. Google recommand to avoid developping new code.

B make sense

It's A. B,D are not viable because max is 10 years.

A is least overhead B,D are not viable because max is 10 years. C has unnecessary hop/step before forwarding. Unnecessary network and (temporary?) storage overhead. Reference: https://cloud.google.com/logging/docs/buckets#custom-retention

Answer A not B

B. Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years.

B. Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years. read more about it here- https://youtu.be/MI4iG2GIZMA