You want to log all API calls and resource changes for audit purposes. Which GCP service should you use?

  1. Cloud Trace
  2. Cloud Monitoring
  3. Cloud Audit Logs ✓
  4. Cloud Logging

Correct answer: Cloud Audit Logs

Cloud Audit Logs is the GCP service specifically designed to record all administrative activity, data access, and system events across GCP services, providing a tamper-evident audit trail required for compliance, security investigations, and governance. Option A, Cloud Trace, is a distributed tracing service used to measure application latency and debug performance issues, not to log API calls for audit purposes. Option B, Cloud Monitoring, collects metrics and uptime data for observability and alerting, but does not provide the structured audit trail of API calls and resource changes that compliance scenarios require. Option D, Cloud Logging, is a broader log management service that ingests and stores logs from many sources; Cloud Audit Logs is a specific capability within the GCP logging infrastructure dedicated to audit records, making it the precise answer for this use case.

Topic: · cloud audit logs, gcp compliance, api logging, security audit

Practice Google Cloud Professional Cloud Architect Questions Free