You are part of a security team investigating a compromised service account key.
You need to audit which new resources were created by the service account.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
https://cloud.google.com/iam/docs/audit-logging/examples-service-accountsTo audit the new resources created by a compromised service account key, you should query the Admin Activity logs. The Admin Activity logs provide a record of actions performed by administrators and service accounts in a Google Cloud project, including resource creation, deletion, and modification.
Option A: Querying Data Access logs would not provide information on new resources created by a service account. Data Access logs record accesses to user and system data, such as reads and writes to Cloud Storage objects or changes to BigQuery tables.
Option B: Querying Admin Activity logs is the correct answer as it would provide the necessary information on the new resources created by the service account.
Option C: Querying Access Transparency logs would not provide the necessary information on new resources created by a service account. Access Transparency logs provide visibility into actions taken by Google Cloud employees or contractors who may access customer data or systems.
Option D: Querying Stackdriver Monitoring Workspace would not provide the necessary information on new resources created by a service account. Stackdriver Monitoring provides monitoring and alerting for Google Cloud resources, but it does not provide information on who created the resources or when they were created.
Therefore, the correct answer is B: Query Admin Activity logs.