Practice Test 2 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test
One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify the authenticity of your logs?
A. Create a JSON dump of each log entry and store it in Google Cloud Storage.
B. Write the log concurrently in the cloud and on premises.
C. Digitally sign each timestamp and log entry and store the signature.
D. Use an SQL database and limit who can modify the log table.
Correct Answer: C
C (Correct answer) – Digitally sign each timestamp and log entry and store the signature.
Answers A, B, and D don’t have any added value to verify the authenticity of your logs. Besides, Logs are mostly suitable for exporting to Cloud storage, BigQuery, and PubSub. SQL database is not the best way to be exported or store log data.
Simplified Explanation:-
To verify the authenticity of your logs if they are tampered with or forged, you can use a certain algorithm to generate a digest by hashing each timestamp or log entry and then digitally sign the digest with a private key to generate a signature. Anybody with your public key can verify that signature to confirm that it was made with your private key and they can tell if the timestamp or log entry was modified.
You can put the signature files into a folder separate from the log files. This separation enables you to enforce granular security policies.
Reference:
Comments are closed, but trackbacks and pingbacks are open.