Google Cloud Professional Cloud Security Engineer Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Google Cloud Professional Cloud Security Engineer Exam with our interactive quiz. Study with flashcards and multiple-choice questions, complete with hints and explanations. Ace your exam with confidence!

Practice this question and more.

What method should be used to audit new resources created by a compromised service account?

Check the Admin Activity logs
Review the Resource Manager
Use Cloud DLP logs
Consult the Cloud Function logs

The correct answer is: Check the Admin Activity logs

To audit new resources created by a compromised service account, checking the Admin Activity logs is the most effective method. Admin Activity logs in Google Cloud capture the administrative actions taken on resources within your Google Cloud project. This includes operations such as the creation, modification, or deletion of resources, which means if a compromised service account is being used to create new resources, those actions will be recorded in the Admin Activity logs. These logs provide detailed information about who performed the action, the timestamp of the activity, and the type of resource involved. By reviewing these logs, you can trace back the actions taken by the compromised service account and identify any unauthorized or unexpected resource creations. In contrast, reviewing the Resource Manager primarily provides a view of existing resources and their configurations rather than historical actions taken on them. Cloud DLP logs focus on data loss prevention activities and may not provide direct insights into resource creation by service accounts. Consulting Cloud Function logs would only reveal activities specific to Cloud Functions and not a broader range of resources created by a service account. Therefore, Admin Activity logs are the most comprehensive and suitable choice for auditing resource creation by a compromised service account.