ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 135 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 135
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team while minimizing management overhead. What should you do?

  • A. Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies.
  • B. Grant the roles/artifactregistry.writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.
  • C. Use Cloud Run to write and deploy a custom validator. Enable an Eventarc trigger to perform validations when new images are uploaded.
  • D. Configure Kritis to run in your GKE clusters to enforce deploy-time security policies.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by koo_kai at Oct. 28, 2023, 7:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
xhilmi
4 months, 3 weeks ago
Selected Answer: A
Choose Ooption A: Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies. Binary Authorization allows you to define and enforce policies that determine which container images can be deployed based on image signatures. By configuring Binary Authorization, you can enforce deploy-time security policies, ensuring that only trusted and verified container images are allowed to run in your GKE clusters. This approach provides a robust security mechanism without requiring additional custom validators or complex configurations, minimizing management overhead while meeting the stringent security requirements of a highly regulated domain.
upvoted 2 times
...
mshafa
5 months, 3 weeks ago
A is the answer.
upvoted 2 times
...
lelele2023
5 months, 4 weeks ago
Selected Answer: A
using binary-authorization
upvoted 2 times
...
koo_kai
6 months ago
Selected Answer: A
https://cloud.google.com/binary-authorization/docs/overview
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago