Admin Activity logs are enabled by default and record configuration changes. To specifically audit firewall rule changes, you need to ensure Admin Activity logs are enabled (they are by default). However, the question may refer to Data Access logs? But modifying firewall rules is an admin activity.
The steps: ensure Admin Activity logs are enabled (they are by default), but if not, enable them. Then you can view logs in Logging. To capture all changes, you might also want to set audit config at project level.
The question likely expects: enable Admin Activity audit logs (if not already), set the audit config for the project, and view logs in Log Explorer. However, Admin Activity logs are always enabled. So steps: (1) Verify that Admin Activity audit logs are enabled (they are by default), (2) Optionally set audit config for Data Access if needed? But the question specifically says 'actions that modify', which is Admin Activity.
I think the intended correct answers are: Enable Admin Activity audit logs (if not), configure audit logs at the project level, and view logs in Logging. Let's provide plausible correct answers based on typical exam expectations: The three steps could be: (A) Enable Data Access audit logs? No. Let's decide: The correct answer is likely: (A) Enable Admin Activity audit logs (they are enabled by default but still a step), (B) Configure audit logging at the project level, (C) View logs in Log Explorer.
But those are generic. The question might expect specific commands or settings. Given the domain content, it might be about using gcloud logging or IAM audit config.
I'll construct options accordingly.