Free Google Professional Data Engineer Actual Exam Questions - Question 14 Discussion
allow them to work with multiple GCP products in their projects. Your organization requires that all
BigQuery data access logs be retained for 6 months. You need to ensure that only audit personnel in
your company can access the data access logs for all projects. What should you do?
D Exporting logs with an aggregated sink to one project makes it simpler to control access strictly for audit personnel and ensures compliance uniformly across all projects.
Makes sense to go with D since aggregated export sinks collect logs from all projects in one place, making it easier to control access and meet retention rules. D.
C vs D? Both create a separate project for audit logs, which isolates access well. But D uses aggregated export, so it covers all projects automatically—less manual setup and better for compliance.
D is better for centralized control and meeting the 6-month retention policy.
Reject B, exporting to analysts’ buckets risks exposing logs to them.
D, since centralized export makes managing audit access easier across projects.
Seen questions about restricting audit log access before, but this one’s tricky since it’s about multiple projects and keeping logs secure. Why not a project-level export sink? But then again, an aggregated sink might centralize better. Wonder if they want centralized control or not.