
Professional Cloud Security Engineer Exam - Question 199


As part of your organization's zero trust strategy, you use Identity-Aware Proxy (IAP) to protect multiple applications. You need to ingest logs into a Security Information and Event Management (SIEM) system so that you are alerted to possible intrusions.

Which logs should you analyze?

Correct Answer: B

To effectively monitor and detect possible intrusions related to IAP-protected applications, Policy Denied audit logs provide the most relevant insights. These logs contain records of access attempts that were denied by IAP policies, helping to identify unauthorized access attempts and potential intrusions. Analyzing these logs aligns with your zero trust strategy by enabling you to track access violations and unauthorized attempts, which is crucial for timely alerts in your SIEM system.

Discussion

7 comments
gcp4test - Option: A
Aug 4, 2023

"The data_access log name only appears if there was traffic to your resource after you enabled Cloud Audit Logs for IAP. Click to expand the date and time of the access you want to review. Authorized access has a blue i icon. Unauthorized access has an orange !! icon." https://cloud.google.com/iap/docs/audit-log-howto

desertlotus1211 - Option: B
Feb 12, 2024

Answer is B

glb2 - Option: B
Mar 19, 2024

B. Policy Denied audit logs: These logs contain records of access attempts that were denied by IAP policies. Analyzing these logs can help identify unauthorized access attempts and potential intrusion attempts blocked by IAP.

Mithung30 - Option: A
Aug 6, 2023

https://cloud.google.com/iap/docs/audit-log-howto#viewing_audit

cyberpunk21 - Option: A
Aug 24, 2023

A is fire

jujanoso - Option: B
Jul 10, 2024

B. Policy Denied audit logs can show when unauthorized users or devices tried to access protected applications and were blocked, which is crucial for identifying and responding to threats. As part of a zero trust strategy, leveraging Identity-Aware Proxy (IAP) involves closely monitoring and analyzing logs to detect potential intrusions and unauthorized activities.

3d9563b - Option: B
Jul 22, 2024

To effectively monitor and detect possible intrusions related to IAP-protected applications, focusing on Policy Denied audit logs provides the most relevant insights into access control and denial events. These logs help you track access violations and unauthorized attempts, aligning with your zero trust strategy and enabling timely alerts in your SIEM system.