Securing Auditor Access to Data in Google Cloud | Best Practices

Ensure Auditor Access to Data in Google Cloud Storage

Question

Your auditor wants to view your organization's use of data in Google Cloud.

The auditor is most interested in auditing who accessed data in Cloud Storage buckets.

You need to help the auditor access the data they need.

What should you do?

Answers

Explanations


D.

https://cloud.google.com/storage/docs/audit-logging

The best solution for allowing the auditor to view your organization's use of data in Google Cloud, specifically who accessed data in Cloud Storage buckets, is to turn on Data Access Logs for the buckets they want to audit, and then build a query in the log viewer that filters on Cloud Storage.

Option A is the correct answer because enabling Data Access Logs allows for granular, fine-grained logging of all access to objects within Cloud Storage buckets. This includes both successful and failed attempts to access objects, as well as information about the requester such as their IP address, identity, and other metadata.

Once Data Access Logs are enabled, you can use the Cloud Logging Viewer to build a query that filters specifically on Cloud Storage activity, making it easier for the auditor to quickly identify the relevant logs they need to review.
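As an added illustration (not part of the original page), the following Python builds the Logs Explorer query described above and then applies the same filter to a handful of constructed Cloud Storage audit log entries, summarising who accessed which object and whether the request succeeded or was denied. The project name, bucket name, principals, IP addresses and the log entries themselves are constructed sample data; the field layout follows the Cloud Audit Logs `AuditLog` format (`logName` ending in `cloudaudit.googleapis.com%2Fdata_access`, `resource.type="gcs_bucket"`, `protoPayload.serviceName="storage.googleapis.com"`), and the `status` field is absent on successful requests, which the code handles.

```python
import json
from collections import Counter
from typing import List, Optional

# Constructed sample identifiers (assumptions, not values from the page).
PROJECT_ID = "example-project"
BUCKET = "finance-reports"


def data_access_log_name(project_id: str) -> str:
    # The Data Access audit log stream; the '/' in the log id is URL-encoded as %2F.
    return f"projects/{project_id}/logs/cloudaudit.googleapis.com%2Fdata_access"


def logs_explorer_filter(project_id: str, bucket: Optional[str] = None) -> str:
    # Query for the Logs Explorer that narrows results to Cloud Storage Data Access logs,
    # optionally restricted to a single bucket.
    parts = [
        f'logName="{data_access_log_name(project_id)}"',
        'resource.type="gcs_bucket"',
        'protoPayload.serviceName="storage.googleapis.com"',
    ]
    if bucket:
        parts.append(f'resource.labels.bucket_name="{bucket}"')
    return " AND ".join(parts)


def _entry(log_id, method, principal, ip, resource_name, status=None,
           resource_type="gcs_bucket", service="storage.googleapis.com", ts="2024-01-15T10:00:00Z"):
    # Helper to build a constructed log entry in the Cloud Audit Logs shape.
    payload = {
        "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
        "serviceName": service,
        "methodName": method,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip},
        "resourceName": resource_name,
    }
    if status is not None:
        payload["status"] = status  # only present when the request failed
    return {
        "logName": f"projects/{PROJECT_ID}/logs/cloudaudit.googleapis.com%2F{log_id}",
        "timestamp": ts,
        "resource": {"type": resource_type, "labels": {"bucket_name": BUCKET, "project_id": PROJECT_ID}},
        "protoPayload": payload,
    }


# Constructed sample entries: two object reads (one denied), a bucket metadata read,
# an Admin Activity entry (config change) and a Data Access entry from another service.
SAMPLE_ENTRIES = [
    _entry("data_access", "storage.objects.get", "alice@example.com", "203.0.113.10",
           f"projects/_/buckets/{BUCKET}/objects/q4-ledger.csv", ts="2024-01-15T10:02:11Z"),
    _entry("data_access", "storage.objects.get", "bob@example.com", "198.51.100.7",
           f"projects/_/buckets/{BUCKET}/objects/q4-ledger.csv",
           status={"code": 7, "message": "PERMISSION_DENIED"}, ts="2024-01-15T10:05:40Z"),
    _entry("data_access", "storage.buckets.get", "carol@example.com", "203.0.113.22",
           f"projects/_/buckets/{BUCKET}", ts="2024-01-15T10:07:03Z"),
    _entry("activity", "storage.buckets.update", "admin@example.com", "203.0.113.5",
           f"projects/_/buckets/{BUCKET}", ts="2024-01-15T10:09:30Z"),
    _entry("data_access", "jobservice.jobcompleted", "dave@example.com", "203.0.113.9",
           f"projects/{PROJECT_ID}/jobs/job_1", resource_type="bigquery_resource",
           service="bigquery.googleapis.com", ts="2024-01-15T10:11:00Z"),
]


def parse_log_lines(text: str) -> List[dict]:
    # Parse newline-delimited JSON, the shape you get when exporting entries from Logging.
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_storage_data_access(entry: dict) -> bool:
    # Same three conditions as the Logs Explorer query above.
    payload = entry.get("protoPayload", {})
    return (
        entry.get("logName", "").endswith("cloudaudit.googleapis.com%2Fdata_access")
        and entry.get("resource", {}).get("type") == "gcs_bucket"
        and payload.get("serviceName") == "storage.googleapis.com"
    )


def summarize_access(entries: List[dict]) -> List[dict]:
    # One row per Cloud Storage data access: who, from where, what, and the outcome.
    rows = []
    for entry in entries:
        if not is_storage_data_access(entry):
            continue
        p = entry["protoPayload"]
        status = p.get("status", {})  # missing on success, so default to code 0
        rows.append({
            "time": entry["timestamp"],
            "principal": p.get("authenticationInfo", {}).get("principalEmail", "<unknown>"),
            "caller_ip": p.get("requestMetadata", {}).get("callerIp", "<unknown>"),
            "method": p["methodName"],
            "resource": p.get("resourceName", ""),
            "outcome": "OK" if status.get("code", 0) == 0 else status.get("message", f"code {status['code']}"),
        })
    return rows


def access_counts(entries: List[dict]) -> Counter:
    # Aggregate for the auditor: how often each principal succeeded or was denied.
    return Counter((r["principal"], r["outcome"]) for r in summarize_access(entries))


if __name__ == "__main__":
    print(logs_explorer_filter(PROJECT_ID, BUCKET))
    for r in summarize_access(SAMPLE_ENTRIES):
        print(f"{r['time']}  {r['principal']:<20} {r['caller_ip']:<14} {r['method']:<22} {r['outcome']:<18} {r['resource']}")
```

The Admin Activity entry and the BigQuery entry are dropped by the same three conditions the query uses, which is the practical reason the filter pins both the `data_access` log stream and the `gcs_bucket` resource type: Data Access logs for other services share the stream, and Cloud Storage configuration changes land in the `activity` stream instead.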

Option B is not the best choice because while Admin Activity Audit Logs do capture information about who is accessing Cloud Storage buckets, they do not provide the level of detail that Data Access Logs do. Additionally, creating a Data Studio report on Admin Activity Audit Logs may not be the most efficient way for the auditor to access the information they need.

Option C is not ideal because Cloud Monitoring provides information about system performance and uptime, but does not capture the same level of detail about who is accessing Cloud Storage buckets that Data Access Logs do.

Option D is not the best choice because while the export logs API can provide access to Admin Activity Audit Logs, as mentioned earlier, these logs do not provide the level of detail about data access that Data Access Logs do.

In summary, the best solution is to enable Data Access Logs and use the Cloud Logging Viewer to build a query that filters specifically on Cloud Storage activity to allow the auditor to view your organization's use of data in Google Cloud.