Google Cloud Professional Cloud Security Engineer Practice Exam

Which type of logs should be analyzed to detect possible intrusions when using Identity-Aware Proxy (IAP)?

• A. System logs
• B. Data Access audit logs
• C. Admin audit logs
• D. IAM policy logs

The correct answer is: Data Access audit logs

Analyzing Data Access audit logs is essential for detecting possible intrusions when using Identity-Aware Proxy (IAP) because these logs contain records of user interactions with protected resources and services. When IAP is employed, it safeguards applications by enforcing identity and access management policies. Data Access audit logs specifically capture attempts to access application resources, including successful and failed access attempts. By reviewing these logs, security professionals can identify unusual patterns of access that may indicate unauthorized attempts to retrieve sensitive data or gain access to protected applications. This includes analyzing anomalies such as repeated failed attempts by a user or accessing resources that are atypical for a specific user profile. In contrast, system logs typically record operating system-level events and may not provide details specific to user access patterns related to IAP. Admin audit logs document changes made by administrators to resources and configurations but are less focused on user-level access to applications. IAM policy logs primarily track changes to identity and access management policies, which while important for governance, may not directly reveal access attempts indicative of security incidents. Therefore, Data Access audit logs are crucial for monitoring and improving security in environments utilizing Identity-Aware Proxy.