Monitoring and Auditing Secrets in GCP

Answering a question from Google's 'PCSE: Professional Cloud Security Engineer' exam.

Question

Applications often require access to "secrets" - small pieces of sensitive data at build or run time.

The administrator managing these secrets on GCP wants to keep track of "who did what, where, and when?" within their GCP projects.

Which two log streams would provide the information that the administrator is looking for? (Choose two.)

A. Admin Activity logs
B. System Event logs
C. Data Access logs
D. VPC Flow logs
E. Agent logs

Answer

A and C.

Explanation

https://cloud.google.com/kms/docs/secret-management

The administrator is looking for logs that can provide information on who did what, where, and when within their GCP projects. Here are the descriptions of the log streams that can provide the information:

A. Admin Activity logs: Admin Activity logs record administrative activities performed within a GCP project or organization, such as creating or deleting a resource, modifying a policy, or granting permissions. These logs provide information about the identity of the user who performed the action, the time the action was performed, the affected resource, and the action itself. Therefore, Admin Activity logs can help the administrator keep track of who did what and when.

B. System Event logs: System Event logs record system-level events that occur within GCP services. These logs provide information about system health, such as resource allocation, and other system-level events. While system event logs do not directly provide information about who performed the event or where, they can help provide context for administrative activities recorded in Admin Activity logs.

C. Data Access logs: Data Access logs record access to data within GCP services, such as Cloud Storage and BigQuery. These logs provide information about the identity of the user who accessed the data, the time the data was accessed, and the resource that was accessed. Therefore, Data Access logs can help the administrator keep track of who accessed what and when.

D. VPC Flow logs: VPC Flow logs record network flows within a VPC network. These logs provide information about the source and destination of the network traffic, the protocol used, the number of packets and bytes transferred, and the start and end times of the flow. While VPC Flow logs do not directly provide information about who performed the event or where, they can help provide context for administrative activities recorded in Admin Activity logs.

E. Agent logs: Agent logs record activities performed by agents installed on VM instances within a GCP project. These logs provide information about the identity of the user who performed the action, the time the action was performed, the affected resource, and the action itself. Therefore, Agent logs can help the administrator keep track of who did what and when.

Based on the descriptions above, the two log streams that would provide the information that the administrator is looking for are A. Admin Activity logs and C. Data Access logs. Admin Activity logs would provide information about administrative activities performed within the GCP project, while Data Access logs would provide information about access to sensitive data within GCP services.
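As an added example (not part of the exam page and not Google's own code), the Python below shows what "who did what, where, and when" looks like in practice: it reads Cloud Audit Log entries, tells the Admin Activity and Data Access streams apart by the suffix of their logName, and pulls the principal, method, resource, timestamp and caller IP out of the protoPayload. The sample entries are constructed to resemble Secret Manager audit records; the project id, principals and IP addresses are placeholders, and the LOG_FILTER constant assumes a project id of PROJECT_ID.

```python
"""Extract "who did what, where, and when" from Cloud Audit Log entries.

Added example with constructed sample entries; not real project data.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

AUDIT_LOG_TYPE = "type.googleapis.com/google.cloud.audit.AuditLog"

# Cloud Audit Logs are written to per-project logs whose names end with one of
# these suffixes ("/" is URL-encoded as %2F inside logName).
STREAM_BY_SUFFIX = {
    "cloudaudit.googleapis.com%2Factivity": "Admin Activity",
    "cloudaudit.googleapis.com%2Fdata_access": "Data Access",
    "cloudaudit.googleapis.com%2Fsystem_event": "System Event",
}

# Logs Explorer filter selecting both streams for Secret Manager.
# PROJECT_ID is a placeholder (assumed), not a value from the page.
LOG_FILTER = (
    '(logName="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity" OR '
    'logName="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access") '
    'AND protoPayload.serviceName="secretmanager.googleapis.com"'
)


@dataclass
class AuditRecord:
    stream: str     # which audit log stream the entry came from
    who: str        # protoPayload.authenticationInfo.principalEmail
    what: str       # protoPayload.methodName
    where: str      # protoPayload.resourceName
    when: str       # entry timestamp (RFC 3339)
    caller_ip: str  # protoPayload.requestMetadata.callerIp
    denied: bool    # True when protoPayload.status.code is non-zero


def stream_of(log_name: str) -> str:
    """Map a logName to its audit stream, or "other" for non-audit logs."""
    for suffix, stream in STREAM_BY_SUFFIX.items():
        if log_name.endswith(suffix):
            return stream
    return "other"


def parse_entry(entry: dict) -> Optional[AuditRecord]:
    """Return an AuditRecord for a Cloud Audit Log entry, None for anything else."""
    payload = entry.get("protoPayload") or {}
    if payload.get("@type") != AUDIT_LOG_TYPE:
        return None
    auth = payload.get("authenticationInfo") or {}
    meta = payload.get("requestMetadata") or {}
    status = payload.get("status") or {}
    return AuditRecord(
        stream=stream_of(entry.get("logName", "")),
        who=auth.get("principalEmail", "<unknown>"),
        what=payload.get("methodName", "<unknown>"),
        where=payload.get("resourceName", "<unknown>"),
        when=entry.get("timestamp", "<unknown>"),
        caller_ip=meta.get("callerIp", "<unknown>"),
        denied=status.get("code", 0) != 0,
    )


def parse_entries(lines: Iterable[str]) -> List[AuditRecord]:
    """Parse one JSON log entry per line, skipping blanks and non-audit entries."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_entry(json.loads(line))
        if rec is not None:
            records.append(rec)
    return records


def count_by_stream(records: List[AuditRecord]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for r in records:
        counts[r.stream] = counts.get(r.stream, 0) + 1
    return counts


def denied_secret_reads(records: List[AuditRecord]) -> List[AuditRecord]:
    """Failed reads of secret values: a useful detection signal on the Data Access stream."""
    return [r for r in records if r.stream == "Data Access" and r.denied]


def _entry(log_suffix, ts, method, resource, principal, ip, status=None):
    """Build a constructed sample entry (placeholders only)."""
    payload = {
        "@type": AUDIT_LOG_TYPE,
        "serviceName": "secretmanager.googleapis.com",
        "methodName": "google.cloud.secretmanager.v1.SecretManagerService." + method,
        "resourceName": resource,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip},
    }
    if status is not None:
        payload["status"] = status
    return json.dumps({"logName": "projects/example-project/logs/" + log_suffix,
                       "timestamp": ts, "protoPayload": payload})


SAMPLE_LINES = [
    # Admin Activity: a user creates a secret (always logged).
    _entry("cloudaudit.googleapis.com%2Factivity", "2024-05-01T10:00:00Z", "CreateSecret",
           "projects/example-project/secrets/db-password", "alice@example.com", "203.0.113.5"),
    # Data Access: a workload reads the secret value (logged only when enabled).
    _entry("cloudaudit.googleapis.com%2Fdata_access", "2024-05-01T10:05:00Z", "AccessSecretVersion",
           "projects/example-project/secrets/db-password/versions/1",
           "app-runtime@example-project.iam.gserviceaccount.com", "10.128.0.7"),
    # Data Access: a denied read; status code 7 is PERMISSION_DENIED.
    _entry("cloudaudit.googleapis.com%2Fdata_access", "2024-05-01T10:06:00Z", "AccessSecretVersion",
           "projects/example-project/secrets/db-password/versions/1", "bob@example.com",
           "198.51.100.9", {"code": 7, "message": "PERMISSION_DENIED"}),
    # Not an audit log entry: ignored by parse_entry.
    json.dumps({"logName": "projects/example-project/logs/syslog",
                "timestamp": "2024-05-01T10:07:00Z", "textPayload": "cron started"}),
]

if __name__ == "__main__":
    for r in parse_entries(SAMPLE_LINES):
        print(f"[{r.stream}] {r.when} {r.who} {r.what} on {r.where} from {r.caller_ip}"
              + (" (DENIED)" if r.denied else ""))
```

The practical caveat behind the answer: Admin Activity logs are always written and cannot be disabled, but Data Access logs are off by default for most services, Secret Manager included, and must be enabled through the auditConfigs section of the project's IAM policy before reads of secret values show up in the data_access stream at all. Until that is done, the parser above would only ever see the CreateSecret-style events, not who actually read the secret.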