Cloud Monitoring is the correct service. An alerting policy specifies: the metric to watch (HTTP error rate), the threshold (5%), the evaluation window (5 minutes), and the notification channel (email, PagerDuty, Slack, etc.). This is a core Cloud Monitoring capability.
Why this answer
Cloud Monitoring is the correct service because it is purpose-built for creating alerting policies based on metrics like HTTP error rates. You can define a condition that triggers when the error rate exceeds 5% for a specified evaluation window (e.g., 5 minutes) and route the alert through a notification channel (e.g., email, Slack). This directly matches the requirement for a metric-based alert with a time-based threshold.
Exam trap
Google Cloud often tests the misconception that Cloud Logging can directly send alerts, but in reality, Cloud Logging only stores logs and log-based metrics; the alerting policy must always be configured in Cloud Monitoring.
How to eliminate wrong answers
Option A is wrong because Cloud Logging is used for storing and querying log data, not for creating metric-based alerts on HTTP error rates; while log-based metrics can be created, the alert itself must be configured in Cloud Monitoring, and Cloud Logging does not natively support email notification channels for alerts. Option C is wrong because Cloud Trace is a distributed tracing tool for analyzing request latency and performance, not for monitoring error rates or triggering alerts based on percentage thresholds. Option D is wrong because Security Command Center is a security and risk management service that provides findings for vulnerabilities and threats, not for operational metric-based alerting on web application error rates.