
Professional Cloud Architect Exam - Question 28


Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process.

What should you do?

Correct Answer: BD

Enabling Logging export to Google BigQuery and using ACLs and views to scope the data shared with the auditor is the most appropriate solution. This approach allows auditors to easily query and analyze the relevant IAM policy changes over the past 12 months, thereby streamlining and expediting the audit process. BigQuery is optimized for complex queries, making it efficient for analyzing large sets of logs, and access can be controlled via ACLs and views to ensure auditors only see the relevant data. Unlike other options that may involve more complex and time-consuming setups, this approach leverages the strengths of BigQuery for efficient data querying and access management.
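What the scoped auditor view described above reduces the exported logs to, as an added example that is not part of the original page: only IAM policy writes, only inside the 12-month window, flattened to who changed which binding. The sample lines are constructed in the Cloud Logging LogEntry JSON shape, and matching on a method name ending in `SetIamPolicy` is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: three exported Admin Activity entries, one JSON object per line.
SAMPLE_EXPORT = """\
{"timestamp": "2023-11-02T09:15:00Z", "protoPayload": {"methodName": "SetIamPolicy", "resourceName": "projects/example-project", "authenticationInfo": {"principalEmail": "admin@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/editor", "member": "user:dev@example.com"}, {"action": "REMOVE", "role": "roles/owner", "member": "user:old@example.com"}]}}}}
{"timestamp": "2023-11-03T12:00:00Z", "protoPayload": {"methodName": "v1.compute.instances.insert", "resourceName": "projects/example-project/zones/us-central1-a/instances/vm-1", "authenticationInfo": {"principalEmail": "dev@example.com"}}}
{"timestamp": "2022-01-10T08:00:00Z", "protoPayload": {"methodName": "SetIamPolicy", "resourceName": "projects/example-project", "authenticationInfo": {"principalEmail": "admin@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/viewer", "member": "user:temp@example.com"}]}}}}
"""

def parse_ts(value):
    # LogEntry timestamps are RFC 3339; normalise the trailing "Z" for fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def iam_policy_changes(export_text, audit_end, window_days=365):
    """Return one row per IAM binding change made inside the audit window."""
    start = audit_end - timedelta(days=window_days)
    rows = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        payload = entry.get("protoPayload", {})
        # Assumption: IAM policy writes carry a method name ending in SetIamPolicy.
        if not payload.get("methodName", "").endswith("SetIamPolicy"):
            continue
        if not (start <= parse_ts(entry["timestamp"]) <= audit_end):
            continue  # outside the period the auditor is entitled to see
        deltas = (payload.get("serviceData", {})
                         .get("policyDelta", {})
                         .get("bindingDeltas", []))
        for delta in deltas:
            # Expose only the fields an auditor needs, not the raw entry.
            rows.append({
                "timestamp": entry["timestamp"],
                "actor": payload.get("authenticationInfo", {}).get("principalEmail"),
                "resource": payload.get("resourceName"),
                "action": delta.get("action"),
                "role": delta.get("role"),
                "member": delta.get("member"),
            })
    return sorted(rows, key=lambda r: (r["timestamp"], r["role"]))

if __name__ == "__main__":
    for row in iam_policy_changes(SAMPLE_EXPORT, datetime(2023, 12, 31, tzinfo=timezone.utc)):
        print(row)
```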

Discussion

17 comments
ghitesh (Option: B)
Jan 14, 2020

B. https://cloud.google.com/iam/docs/roles-audit-logging#scenario_external_auditors

rockstar9622
Jan 19, 2020

b) seems correct

anton_royce
Apr 3, 2020

I agree. Answer B

MikeB19
Aug 26, 2021

The article references either gcs or bq. I think this q is referring to gcs

TheCloudBoy77
Nov 22, 2021

B makes more sense after reading it. thx

jcmoranp (Option: B)
Oct 21, 2019

Think B is better. Export to BigQuery and restrict access to queries with ACLs to auditors

passnow
Dec 17, 2019

I thought same as well. I would go with B

tartar
Aug 6, 2020

D is ok.

tartar
Aug 14, 2020

Sorry, changed my view. B is the recommended practice

alii
Jan 19, 2021

don't change your view, D was right :)

RKS_2021
Jul 10, 2021

B is correct

trainor
Dec 6, 2020

I think D is better. B implies too much data manipulation to make it suitable for an audit.

nitinz
Mar 4, 2021

D, rest all options are no good.

AmitAr
May 14, 2022

Please check the keywords in question -- "streamline and expedite" -- BigQuery is suitable, not storage bucket. So it should be (B)

Prakzz (Option: D)
Oct 9, 2023

B talks about ACL in BigQuery and ACL is not associated with BigQuery but with GCS.

thewalker (Option: D)
Nov 11, 2023

D I will not go with B, as the requirement is once for 12 months. Push the data in Coldline for 12 months and retrieve it during audit is enough. Save costs.

thewalker
Nov 11, 2023

Coldline / Archive

hogtrough
Jan 7, 2024

Streamline and expedite analysis is the goal. Costs are never brought up.

Teckexam (Option: B)
Jan 20, 2024

Based on Google documentation B is the correct answer. https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors Dashboard is available in BigQuery to review historic logs and in case an anomaly is found elevated access is provided. Access is revoked after audit activities are done.

tes1298t (Option: D)
Aug 27, 2023

It is mentioned here that "Cloud Storage is the destination for long term storage of audit logs". So, going with D https://cloud.google.com/iam/docs/job-functions/auditing#scenario_operational_monitoring

krisek (Option: B)
Oct 24, 2023

Reading from Cloud Storage raw audit logs (without filtering applied) is everything but streamlined. Imagine the auditor fetching all audit logs, then write some script to analyze them...

kip21 (Option: D)
Jan 14, 2024

D - Correct. B - This option requires additional work to set up the ACLs and views to limit an auditor's view of the data. This could be time-consuming and complex to implement. Furthermore, BigQuery may not be the ideal tool for auditors who are only interested in reviewing Cloud IAM policy changes.

Demo_Helloworld (Option: D)
Sep 13, 2023

Here they didn't ask about analysis, so the answer is D

Demo_Helloworld (Option: B)
Sep 13, 2023

Sorry B is the Correct Answer

smlabonia (Option: D)
Sep 13, 2023

Auditors have no reason to know how to make BigQuery queries. They usually ask for evidence files.

TopTalk (Option: B)
Oct 2, 2023

"To comply with this requirement, a dashboard is available that provides access to the historic logs stored in BigQuery, and on request, to the Cloud Logging Admin Activity logs. The organization creates a Google group for these external auditors and adds the current auditor to the group. This group is monitored and is typically granted access to the dashboard application. During normal access, the auditors' Google group is only granted access to view the historic logs stored in BigQuery. If any anomalies are discovered, the group is granted permission to view the actual Cloud Logging Admin Activity logs via the dashboard's elevated access mode. At the end of each audit period, the group's access is then revoked." https://cloud.google.com/iam/docs/job-functions/auditing#scenario_external_auditors

AdityaGupta (Option: B)
Oct 5, 2023

You want to streamline and expedite the analysis and audit process. Big Query, as the data retention is mentioned, and data is related to Cloud IAM policy changes, it is safe to assume long term retention with annual audit.

CloudDom (Option: B)
Nov 20, 2023

That's the only logical one; also Bard is confirming this one

lisabisa (Option: B)
Feb 23, 2024

Both B and D are ok. Using cloud storage requires additional setup for auditors, pulling data to BQ. Using BQ would satisfy "streamline and expedite the analysis and audit process"

Jen3 (Option: B)
Mar 7, 2024

ACLs would provide year-round access to the data which is more privileges than necessary. Logs will need to be retained for a full year because hypothetically, January logs could be looked at in December. Cloud Storage offers signed URLs, and less expensive storage options.

H_S (Option: D)
Jul 14, 2024

READ THIS, ACL is not available in BIG QUERY, therefore D. Enable Google Cloud Storage (GCS) log export to audit logs into a GCS bucket and delegate access to the bucket