Google Cloud Professional Cloud Security Engineer Practice Exam

What is the best way for a customer to reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

• A. Export logs manually from Stackdriver
• B. Configure Organizational Log Sinks to export to Cloud Pub/Sub
• C. Use Cloud Storage to hold logs for download
• D. Send logs via email alerts

The correct answer is: Configure Organizational Log Sinks to export to Cloud Pub/Sub

The best way for a customer to reliably deliver Stackdriver logs from Google Cloud Platform (GCP) to their on-premises Security Information and Event Management (SIEM) system is to configure Organizational Log Sinks to export to Cloud Pub/Sub. When logs are exported using Cloud Pub/Sub, it allows for real-time, asynchronous transmission of logs. This approach ensures that logs are reliably sent to a specified destination, which can include custom endpoints. The Pub/Sub service facilitates flexible handling of logs, as it can accommodate various consumers that need to process the logs further. By integrating this with on-premises systems, the customer can set up subscribers that pull data from the Cloud Pub/Sub topic and forward it to their SIEM system, facilitating a robust pipeline for log data that can scale and handle potential bursts in log generation. The other approaches lack reliability or scalability. For instance, exporting logs manually from Stackdriver is labor-intensive and prone to human error, making it an unreliable method for consistent logging. Using Cloud Storage for downloading logs is more suitable for ad hoc access rather than continuous delivery, thus not optimal for real-time or nearly real-time logging needs. Sending logs via email alerts is also not feasible for large volumes or structured logging data, leading to potential