You have sensitive data stored in three Cloud Storage buckets and have enabled data access logging. You want to verify activities for a particular user for these buckets, using the fewest possible steps. You need to verify the addition of metadata labels and which files have been viewed from those buckets. What should you do?
To verify activities such as the addition of metadata labels and which files have been viewed from Cloud Storage buckets, the most efficient method is to use Stackdriver (now called Cloud Logging). Filtering the Stackdriver log in the GCP Console allows you to access comprehensive audit logs that include detailed information about user actions, including metadata modifications and data access. While Activity logs provide some information, they may not cover all relevant events, especially data access logs required for this task.
A is correct. As mentioned in the question, data access logging is enabled. I tried to download a file from a bucket and was able to view this information in Activity tab in console
data access logging don't provide information about addition of metada, so B is correct
I did all the configuration enabling data access logging but I still not able to see the logs when uploading or downloading a file. Does someone here has done it with a different result?
I agree with liyux21 and vito9630. In this reference link below says: In the Activity page, where the identity performing logged actions is redacted from the audit log entry, User (anonymized) is displayed. Beacause of this, I think you can't verify the addition of metadata labels through Activity Logs. https://cloud.google.com/logging/docs/audit#view-activity
activity log is deprecated: https://cloud.google.com/compute/docs/logging/activity-logs
You need to see here, https://cloud.google.com/compute/docs/logging/audit-logging. Admin activity audit logs.
Yes, it is deprecated. However, it became the audit log which is exactly what this question is referring to. Option A is correct in my opinion.
Answer is A. Activity log does indeed show information about metadata. I agree with Eshkrkrkr based on https://cloud.google.com/storage/docs/audit-logs Admin Activity logs: Entries for operations that modify the configuration or metadata of a project, bucket, or object.
'Admin activity logs' capture metadata modification, but its different from 'Data Access logging', right ?
The correct answer is A. Steps: 1 Go to the GCP Console 2 Click on the Hamburger menu in the top left corner of the page 3 Click on Logging 4 Click on the Activity log tab 5 Click on the Filter button 6 In the Resource field, enter the names of the three Cloud Storage buckets 7 In the User field, enter the name of the user whose activities you want to verify 8 Click on the Apply button The Activity log will display all of the activities that have been performed on the three Cloud Storage buckets by the specified user. You can then review the log to identify the addition of metadata labels and which files have been viewed. The other options are not as efficient B because it requires you to create a trace in Stackdriver. This can be time-consuming and error-prone C&D because it does not allow you to filter the results by user or resource
A is correct
Answer is B. Explanation: Activity Logs are essential for tracking administrative and system actions for security and compliance, while Cloud Logging (formerly known as Stackdriver Logging) offers a comprehensive solution for collecting, analyzing, and monitoring a wide range of logs from various sources. Also, the addition of metadata labels can be verified in Cloud Logging only.
Activity Log Usage: Useful for auditing and tracking changes made by users or service accounts to the GCP resources. Stackdriver Log Usage: Useful for monitoring the behavior of applications, diagnosing issues, and understanding the operational state of your system
Using the GCP Console, Filter the activity log to view the information
Option A suggests filtering the Activity log, but the Activity log only shows user activity within a GCP project, not across projects or resources. In this case, the buckets are likely in different projects or locations, so the Activity log may not show all the relevant activity. So B Is correct
Option B is Correct By filtering the Stackdriver logs in the GCP Console, you can easily track and verify activities related to the addition of metadata labels and viewed files for the specified user across the three Cloud Storage buckets. Option A (filtering the Activity log) is not as appropriate because the Stackdriver log provides more detailed and comprehensive logging and monitoring capabilities.
I think it's all about Data Access audit logs, you check it - https://cloud.google.com/storage/docs/audit-logging
The best approach among the given options is to use Option B: Using the GCP Console, filter the Stackdriver log to view the information. This approach would allow you to efficiently filter and analyze the logs related to the Cloud Storage buckets to verify the desired user activities.
A is correct, the activity log has metadata info as well
A is Correct
https://cloud.google.com/logging/docs/audit#view-logs
The correct option to verify activities for a particular user, including the addition of metadata labels and viewed files from Cloud Storage buckets, with the fewest possible steps is: B. Using the GCP Console, filter the Stackdriver log to view the information. Explanation: Stackdriver logging captures logs for various GCP services, including Cloud Storage. By filtering the Stackdriver logs, you can easily view activities such as metadata changes and file accesses for the specified user across multiple buckets. This method allows you to access the relevant information in a centralized manner, minimizing the number of steps required to gather the required insights.
After asking Microsoft Copilot, I got B as a correct answer, but here is what Google Gemini replied: " The best option to verify activities for a particular user with the fewest steps is to: * A. Using the GCP Console, filter the Activity log to view the information. Here's why the other options are less suitable: * B. Stackdriver Logs: While Stackdriver Logs can be used for broader GCP activity logging, Cloud Storage access logs are specifically captured in the Activity log. * C. Viewing the Bucket: This option only shows the current state of the bucket and doesn't provide historical activity information. * D. Stackdriver Trace: Creating a trace is for monitoring service calls and dependencies, not user activity on Cloud Storage buckets. By filtering the Activity log for the specific user and the relevant Cloud Storage buckets, you can efficiently see actions like adding metadata labels and viewing files. "
B is the correct answer