A recent audit revealed that a new network was created in your GCP project.
In this network, a GCE instance has an SSH port open to the world.
You want to discover this network's origin.
What should you do?
A. B. C. D.
Answer: C.
Incorrect Answers:
A: To use the Stackdriver alerting console we must first set up alerting policies.
B: Data access logs only contain read-only operations.
Audit logs help you determine who did what, where, and when.
Cloud Audit Logging returns two types of logs:
-> Admin activity logs
-> Data access logs: contain log entries for read-only operations that do not modify any data, such as get, list, and aggregated list methods.
The correct answer to this question is C. In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry.
Explanation: In this scenario, an audit revealed that a new network was created in your GCP project and a GCE instance has an SSH port open to the world. To discover the origin of this network, you need to investigate the logs generated by the GCP services.
GCP provides a central logging service called Stackdriver Logging, which captures logs from various GCP services, including Compute Engine (GCE). Stackdriver Logging allows you to search and analyze logs from one central location.
To investigate the origin of the network, you should navigate to the Logging section of the console, which is where you can search for logs generated by GCE. In the Logging section, you should specify "GCE Network" as the logging section, which will filter the logs to only show events related to network creation and deletion.
Once you have specified the logging section, you should search for the "Create Insert" entry, which indicates the creation of a new network. The logs will contain information about who created the network, when it was created, and other details that can help you identify the origin of the network.
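The search described above can also be run over exported log entries. The following is an added example, not part of the original page: it assumes entries exported as JSON with the Cloud Audit Logs field layout, and the project name, network name, e-mail addresses, IP address and operation ids in the sample are constructed (PROJECT_ID is a placeholder).

```python
# Filter equivalent to the console steps above; PROJECT_ID is a placeholder.
LOG_FILTER = (
    'logName="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity" '
    'AND resource.type="gce_network" '
    'AND protoPayload.methodName:"compute.networks.insert"'
)

# Constructed sample entries shaped like `gcloud logging read --format=json` output.
ACT = "projects/demo/logs/cloudaudit.googleapis.com%2Factivity"
DATA = "projects/demo/logs/cloudaudit.googleapis.com%2Fdata_access"
NET = "projects/demo/global/networks/unknown-net"
SAMPLE = [
    {"logName": ACT, "timestamp": "2024-01-10T09:15:02Z", "resource": {"type": "gce_network"},
     "operation": {"id": "op-1", "first": True},
     "protoPayload": {"methodName": "v1.compute.networks.insert", "resourceName": NET,
                      "authenticationInfo": {"principalEmail": "dev@example.com"},
                      "requestMetadata": {"callerIp": "203.0.113.7"}}},
    {"logName": ACT, "timestamp": "2024-01-10T09:15:20Z", "resource": {"type": "gce_network"},
     "operation": {"id": "op-1", "last": True},
     "protoPayload": {"methodName": "v1.compute.networks.insert", "resourceName": NET}},
    {"logName": DATA, "timestamp": "2024-01-10T09:20:00Z", "resource": {"type": "gce_network"},
     "protoPayload": {"methodName": "v1.compute.networks.list",
                      "authenticationInfo": {"principalEmail": "auditor@example.com"}}},
    {"logName": ACT, "timestamp": "2024-01-10T09:30:00Z", "resource": {"type": "gce_instance"},
     "operation": {"id": "op-2", "first": True},
     "protoPayload": {"methodName": "v1.compute.instances.insert"}},
]

def network_creations(entries):
    """Return one record per network creation: which network, who, from where, when."""
    found = {}
    for e in entries:
        p = e.get("protoPayload", {})
        if not (e.get("logName", "").endswith("cloudaudit.googleapis.com%2Factivity")
                and e.get("resource", {}).get("type") == "gce_network"
                and p.get("methodName", "").endswith("compute.networks.insert")):
            continue  # skip Data Access entries, other resource types, other methods
        # A long-running operation logs a start and an end entry; merge them by operation id.
        key = e.get("operation", {}).get("id") or e.get("insertId")
        rec = found.setdefault(key, {"network": None, "who": None, "ip": None, "when": e["timestamp"]})
        rec["when"] = min(rec["when"], e["timestamp"])  # same-format UTC strings sort correctly
        rec["network"] = rec["network"] or p.get("resourceName")
        rec["who"] = rec["who"] or p.get("authenticationInfo", {}).get("principalEmail")
        rec["ip"] = rec["ip"] or p.get("requestMetadata", {}).get("callerIp")
    return sorted(found.values(), key=lambda r: r["when"])

if __name__ == "__main__":
    for record in network_creations(SAMPLE):
        print(record)
```

The Data Access entry and the VM creation entry in the sample are both ignored, which mirrors why options A and B do not lead to the network's origin.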
Option A, "Search for Create VM entry in the Stackdriver alerting console," is not the correct answer because it refers to creating a VM, not creating a network.
Option B, "Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry," is not the correct answer because it also refers to creating a VM, not creating a network.
Option D, "Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list," is not the correct answer because it does not provide a way to identify the origin of the network. It only allows you to identify who logged in to the instance.