Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud DevOps Engineer Exam - Topic 3 Question 77 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam
Question #: 77
Topic #: 3
[All Professional Cloud DevOps Engineer Questions]

Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs, and only the operations team can view all the logs. You need to design a solution that meets the security team's requirements, while minimizing costs. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

Create log views for each project team, and only show each project team their application logs.Grant the operations team access to the _AllLogs View in the central logging project1.

This approach aligns with the Google Cloud's recommended methodologies for Professional Cloud DevOps Engineers1. Log views allow you to create and manage access control at a finer granularity for your logs. By creating a separate log view for each project team, you can ensure that they only have access to their respective logs. The operations team, on the other hand, can be granted access to the _AllLogs view in the central logging project, allowing them to view all logs as required.

This solution not only meets the security team's requirements but also minimizes costs as it leverages built-in features of Google Cloud's logging and does not require exporting logs to another service like BigQuery (as suggested in option A), which could incur additional costs1.


by Sharen at Sep 18, 2024, 11:19 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mirta
6 months ago
I think C is too permissive for project teams.
upvoted 0 times
...
Desiree
6 months ago
D is a solid approach, IAM roles are powerful!
upvoted 0 times
...
Pilar
6 months ago
Wait, can we really limit access like that? Sounds tricky.
upvoted 0 times
...
Mitzie
7 months ago
I disagree, A seems more scalable for future projects.
upvoted 0 times
...
Glenna
7 months ago
Option B sounds like the best choice for access control.
upvoted 0 times
...
Rosalind
7 months ago
I vaguely recall that granting access to the _ Default view might not be secure enough. I think option C could expose logs unintentionally.
upvoted 0 times
...
Rosio
7 months ago
I feel like option D might be overcomplicating things with IAM roles. I thought the simpler solutions were usually better, like using log views.
upvoted 0 times
...
Junita
7 months ago
I think exporting logs to BigQuery like in option A could be costly, especially if we have a lot of logs. We practiced a similar question where cost was a big factor.
upvoted 0 times
...
Lili
8 months ago
I remember we discussed log views in class, but I'm not entirely sure how they work in this context. Would option B really limit access effectively?
upvoted 0 times
...
Taryn
8 months ago
Option A looks promising - exporting logs to BigQuery and granting access seems like a clean way to segregate the data. I'll double-check the pricing implications, but this could be a good solution.
upvoted 0 times
...
Deandrea
8 months ago
Hmm, I'm a bit confused by the different log view options. I'll need to review the Google Cloud Logging documentation to understand the differences between the project-specific views and the central logging project.
upvoted 0 times
...
Kimberlie
8 months ago
This seems like a straightforward access control problem. I'll carefully read through the options and think about the most efficient way to meet the security requirements while minimizing costs.
upvoted 0 times
...
Ligia
8 months ago
I'm leaning towards Option D. Creating IAM roles for each project team and restricting access to their own logs seems like the most secure approach. The operations team can still have viewer access to the central project.
upvoted 0 times
...
Terrilyn
8 months ago
Hmm, this looks like a tricky one. I'll need to think carefully about the different options and what they each allow an app builder to configure.
upvoted 0 times
...
Tran
2 years ago
What do you mean, 'minimize costs'? I'm just going to choose the most secure option, which is D. Forget about the costs, this is a security exam!
upvoted 0 times
...
Elly
2 years ago
Option A seems like a lot of work with the BigQuery tables. I'd go with the simpler solution of log views in Option B.
upvoted 0 times
Erinn
2 years ago
Yeah, creating log views for each project team seems like the best option.
upvoted 0 times
...
Tamesha
2 years ago
I agree, Option B with log views sounds simpler and more efficient.
upvoted 0 times
...
Rebbecca
2 years ago
Option A seems like a lot of work with the BigQuery tables.
upvoted 0 times
...
Rupert
2 years ago
Yeah, creating log views for each project team seems like the best option here.
upvoted 0 times
...
Shasta
2 years ago
I agree, Option B with log views sounds simpler and more efficient.
upvoted 0 times
...
Janna
2 years ago
Option A seems like a lot of work with the BigQuery tables.
upvoted 0 times
...
...
Robt
2 years ago
I'm leaning towards option B, it seems like a good balance between security and accessibility.
upvoted 0 times
...
Thora
2 years ago
I disagree, I believe option D is more secure and cost-effective.
upvoted 0 times
...
Myra
2 years ago
Hmm, I'm not sure about Option C. Granting access to the default view doesn't seem like it would meet the security team's requirements.
upvoted 0 times
...
Dalene
2 years ago
I think option A is the best solution.
upvoted 0 times
...
Sheron
2 years ago
I think Option D is the way to go. Creating IAM roles and restricting access in the individual projects is a more secure approach.
upvoted 0 times
Tommy
2 years ago
Granting viewer access to the operations team in the central logging project is a smart move.
upvoted 0 times
...
Buffy
2 years ago
It's important to restrict access to the Default log view in each individual project.
upvoted 0 times
...
Ashleigh
2 years ago
I agree, creating IAM roles for each project team seems like the best way to control access.
upvoted 0 times
...
Novella
2 years ago
Option D is definitely the most secure choice.
upvoted 0 times
...
...
Mitzie
2 years ago
Option B makes the most sense. Creating log views for each project team is a clean and efficient way to control access to the logs.
upvoted 0 times
Bernadine
2 years ago
I agree, it's important to ensure that each team only has access to the logs they need.
upvoted 0 times
...
Alona
2 years ago
Option B makes the most sense. Creating log views for each project team is a clean and efficient way to control access to the logs.
upvoted 0 times
...
...

Save Cancel