ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Architect All Questions

View all questions & answers for the Professional Cloud Architect exam
Go to Exam

Exam Professional Cloud Architect topic 1 question 145 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 145
Topic #: 1
[All Professional Cloud Architect Questions]

Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster. You have separate clusters for development, staging, and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do?

  • A. Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment.
  • B. Implement a corporate policy to prevent teams from deploying Docker images to an environment unless the Docker image was tested in an earlier environment.
  • C. Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
  • D. Create a Kubernetes admissions controller to prevent the container from starting if it is not approved for usage in the given environment.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by SweetieS at Aug. 24, 2021, 5:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
diaga2
Highly Voted 1 year, 10 months ago
C is s fine.
upvoted 15 times
...
[Removed]
Highly Voted 1 year, 4 months ago
Selected Answer: C
I got similar question on my exam. Answered C.
upvoted 11 times
...
Deb2293
Most Recent 3 months, 3 weeks ago
Selected Answer: C
C it is
upvoted 2 times
...
omermahgoub
6 months, 1 week ago
A good option for quickly implementing a solution to prevent deployments to the production cluster without first testing in development and staging would be to configure binary authorization policies for the development, staging, and production clusters. You can then create attestations as part of the continuous integration pipeline. Option C, "Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline," would be the correct choice for this scenario. Binary authorization is a feature of Google Kubernetes Engine that allows you to enforce policies on the images that are deployed to your clusters. By configuring binary authorization policies for the development, staging, and production clusters, you can ensure that only images that have been attested by an authorized entity are allowed to be deployed to those clusters. You can create the attestations as part of the continuous integration pipeline, which will allow you to verify that the image has been tested before it is deployed to the next environment.
upvoted 10 times
omermahgoub
6 months, 1 week ago
Option A, "Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment," would not be a good choice because it would not prevent the deployment of the container to the cluster in the first place. Option D, "Create a Kubernetes admissions controller to prevent the container from starting if it is not approved for usage in the given environment," would also not be a good choice because it would not prevent the deployment of the container to the cluster in the first place. Option B, "Implement a corporate policy to prevent teams from deploying Docker images to an environment unless the Docker image was tested in an earlier environment," would be a good option, but it would not be as effective as using binary authorization policies, as it would rely on the team following the policy rather than enforcing it automatically.
upvoted 2 times
...
...
megumin
7 months, 2 weeks ago
Selected Answer: C
C is ok
upvoted 1 times
...
Thornadoo
11 months ago
Why not A? Need something to be implemented quickly is what the q asks.
upvoted 1 times
...
AzureDP900
12 months ago
C is right.. Binary Authorization implements a policy model, where a policy is a set of rules that governs the deployment of container images. Rules in a policy provide specific criteria that an image must satisfy before it can be deployed. For more information about the Binary Authorization policy model and other concepts, see Key concepts.
upvoted 4 times
AzureDP900
12 months ago
https://cloud.google.com/binary-authorization/docs/overview#policy_model
upvoted 3 times
...
...
yogi_508
1 year, 6 months ago
where the case study questions are available in this website?
upvoted 1 times
...
vincy2202
1 year, 7 months ago
C is the correct answer https://cloud.google.com/binary-authorization/docs/overview
upvoted 6 times
...
Jimjiang
1 year, 8 months ago
C is fine
upvoted 1 times
...
danielfootc
1 year, 8 months ago
I think C is the correct answer.
upvoted 1 times
...
AnilKr
1 year, 9 months ago
C is correct, binary authorization is the solution.
upvoted 2 times
...
victory108
1 year, 10 months ago
C. Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
upvoted 2 times
...
serious_user
1 year, 10 months ago
C is ok
upvoted 2 times
...
vladik820
1 year, 10 months ago
C is ok
upvoted 2 times
...
SweetieS
1 year, 10 months ago
Sorry, it's C : Configure binary authorization policies for the development, staging, and production clusters. Create attestations as part of the continuous integration pipeline.
upvoted 3 times
...
SweetieS
1 year, 10 months ago
D is ok. https://cloud.google.com/binary-authorization/docs/overview
upvoted 1 times
cugena
1 year, 9 months ago
You meant C I guess
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago