Your company sends all Google Cloud logs to Cloud Logging. Your security team wants to monitor the logs. You want to ensure that the security team can react quickly if an anomaly such as an unwanted firewall change or server breach is detected. You want to follow Google-recommended practices. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Export logs to a Pub/Sub topic, and trigger Cloud Function with the relevant log events..
Why this is the answer
Exporting logs to a Pub/Sub topic and triggering a Cloud Function is the recommended practice for real-time anomaly detection. Pub/Sub provides a low-latency, scalable messaging service that can immediately deliver log entries to a subscriber. A Cloud Function can then be triggered by these Pub/Sub messages, allowing for instant processing and alerting based on specific log events (e.g., unwanted firewall changes or server breaches). This reactive approach ensures the security team can respond quickly. Scheduling a cron job with Cloud Scheduler introduces latency, as it only queries periodically, missing real-time detection. Exporting logs to BigQuery is suitable for analytical queries and historical analysis, not real-time event processing. Exporting to Cloud Storage also introduces latency, as it's designed for archival storage, and triggering Cloud Run from new objects in a bucket isn't as immediate or efficient for log processing as Pub/Sub and Cloud Functions.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed