For near real-time detection when a Cloud Run service agent modifies the IAM policy of an Artifact Registry repository, what is the recommended approach?

Multiple Choice

Explanation:
The key idea is using a security monitoring service that detects sensitive API activity in near real time. Cloud Audit Logs capture IAM policy changes to Artifact Registry, and Event Threat Detection can be configured with a rule that flags an unexpected Cloud API call when a specific principal (like the Cloud Run service agent) calls a method that modifies IAM policy on a repository. When this rule triggers, it creates a finding in Security Command Center, enabling fast incident response and alerting.

This approach is superior because it uses purpose-built threat detection that continuously analyzes security events and integrates with SCC for instant visibility and remediation, without needing custom code to poll logs or wire together triggers. It also allows you to tailor the rule to a particular principal and resource, so you get focused, near-real-time alerts.

Other options involve more manual or slower approaches. A custom detector or scanning approach isn’t a standard, real-time solution for IAM policy changes. Routing logs to BigQuery dashboards provides visibility but not immediate alerts. Building a Cloud Run function to react to policy changes adds development and maintenance overhead and slower, bespoke detection compared to the built-in ETD rule.
