Exam4Training

What should you do?

You are part of a security team investigating a compromised service account key. You need to audit which new resources were created by the service account.

What should you do?
A . Query Data Access logs.
B . Query Admin Activity logs.
C . Query Access Transparency logs.
D . Query Stackdriver Monitoring Workspace.

Answer: B

Explanation:

Admin activity logs are always created to log entries for API calls or other actions that modify the configuration or metadata of resources. For example, these logs record when users create VM instances or change Identity and Access Management permissions.

Reference: https://cloud.google.com/iam/docs/audit-logging/examples-service-accounts

Exit mobile version