nerdexam
Palo_Alto_Networks

PCCSE · Question #107

Given the following RQL: event from cloud.audit_logs where operation IN (CreateCryptoKey', DestroyCryptoKeyVersion', `v1.compute.disks.createSnapshot') Which audit event snippet is identified? A. B. C

The correct answer is D. . The RQL 'event from cloud.audit_logs where operation IN (CreateCryptoKey, DestroyCryptoKeyVersion, v1.compute.disks.createSnapshot)' targets GCP-specific audit log operations - KMS key creation/destruction and disk snapshot creation. Option A shows an IAM policy request, Option B

Cloud Compliance and Governance

Question

Given the following RQL:

event from cloud.audit_logs where operation IN (CreateCryptoKey', DestroyCryptoKeyVersion', `v1.compute.disks.createSnapshot') Which audit event snippet is identified? A. B. C. D.

Exhibit

PCCSE question #107 exhibit

Options

  • A"request": { "resource": { "E04J7309307Z", "#type": "type.googleapis.com/google.iam.v1.SetIamPolicyRequest", "policy": { "bindings": [ ] }, "stateTransitionReason": ""}, "elasticipassociations": [], "capacityReservationSpecification":{"capacityReservationReference":"open"}, "elasticInferenceAcceleratorAssociations": []}
  • B{ "Statement": [ { "Action": "", "Effect": "Allow", "Resource": "" } ] }, "Version": "2012-10-17"
  • C"uploaded": "requestMetadata": { "x-cloudAppliedWAFEvent": "Terraform/0.14.0 (https://www.terraform.io) TerraformPlugin-SDK/2.1.0 terraform-provider-google/3.50.0,gsip(gfo)", "callerIp": "34.205.226.255" }, "request": { "#type": "type.googleapis.com/compute.disks.createSnapshot" } }
  • D

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    5% (2)
  • C
    3% (1)
  • D
    89% (34)

Explanation

The RQL 'event from cloud.audit_logs where operation IN (CreateCryptoKey, DestroyCryptoKeyVersion, v1.compute.disks.createSnapshot)' targets GCP-specific audit log operations - KMS key creation/destruction and disk snapshot creation. Option A shows an IAM policy request, Option B contains an AWS IAM policy document (wrong cloud provider entirely), and Option C shows a GCP createSnapshot entry but without the complete matching structure. Option D (rendered as an image in the original exam) contains the properly formatted GCP audit event that matches one of the specified operations in the RQL.

Topics

#RQL#Cloud Audit Logs#Key Management#Cloud Infrastructure Monitoring

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice