A security engineer needs to ensure that all Google Cloud API calls in the organization are logged and retained for 7 years for compliance. Admin Activity logs are enabled by default, but retention is limited. Which combination of actions should the engineer take?
Trap 1: Create a log sink to export Admin Activity logs to BigQuery and set…
BigQuery is for querying, not long-term archival at lower cost. Cloud Storage is more cost-effective for archival.
Trap 2: Enable Data Access logs for all services and set a custom retention…
Data Access logs are not needed for Admin Activity logs, and audit log retention cannot be extended beyond 400 days in Logging; you must export.
Trap 3: Enable the 'Admin Activity logs' retention to 7 years in the…
Audit log retention cannot be changed; you must export logs to extend retention.
- A
Create a log sink with a _Required log view filter to export Admin Activity logs to Cloud Storage with a retention policy of 7 years.
The _Required log view includes Admin Activity logs. Exporting to Cloud Storage allows archiving with retention policies.
- B
Create a log sink to export Admin Activity logs to BigQuery and set the table expiration to 7 years.
Why wrong: BigQuery is for querying, not long-term archival at lower cost. Cloud Storage is more cost-effective for archival.
- C
Enable Data Access logs for all services and set a custom retention period of 7 years on the log bucket.
Why wrong: Data Access logs are not needed for Admin Activity logs, and audit log retention cannot be extended beyond 400 days in Logging; you must export.
- D
Enable the 'Admin Activity logs' retention to 7 years in the Logging settings.
Why wrong: Audit log retention cannot be changed; you must export logs to extend retention.