ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 213 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 213
Topic #: 1
[All Professional Cloud Developer Questions]

You are deploying a microservices application to Google Kubernetes Engine (GKE). The application will receive daily updates. You expect to deploy a large number of distinct containers that will run on the Linux operating system (OS). You want to be alerted to any known OS vulnerabilities in the new containers. You want to follow Google-recommended best practices. What should you do?

  • A. Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.
  • B. Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.
  • C. Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.
  • D. Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by melisargh at Dec. 2, 2022, 8:31 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
zanhsieh
9 months, 3 weeks ago
Selected Answer: B
B. Actually the tricky part for this question is: Is the Container Analysis enabled by default? Can Container Analysis be called on-demand via REST without specifically enabled it? By default GCP does not enable Container Analysis; that's why D is out.
upvoted 2 times
...
Pime13
1 year, 1 month ago
Selected Answer: B
https://cloud.google.com/artifact-registry/docs/analysis Vulnerability scanning can occur automatically or on-demand: When automatic scanning is enabled, scanning triggers automatically every time you push a new image to Artifact Registry or Container Registry. Vulnerability information is continuously updated when new vulnerabilities are discovered. When On-Demand Scanning is enabled, you must run a command to scan a local image or an image in Artifact Registry or Container Registry. On-Demand Scanning gives you more flexibility around when you scan containers. For example, you can scan a locally-built image and remediate vulnerabilities before storing it in a registry. Scanning results are available for up to 48 hours after the scan is completed, and vulnerability information is not updated after the scan.
upvoted 1 times
...
TNT87
1 year, 3 months ago
https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry
upvoted 1 times
...
TNT87
1 year, 3 months ago
Selected Answer: B
Container Analysis is a service that provides vulnerability scanning and metadata storage for containers. The scanning service performs vulnerability scans on images in Container Registry and Artifact Registry, then stores the resulting metadata and makes it available for consumption through an API. Metadata storage allows storing information from different sources, including vulnerability scanning, other Google Cloud services, and third-party providers. https://cloud.google.com/container-analysis/docs/container-analysis
upvoted 1 times
...
sharath25
1 year, 4 months ago
Selected Answer: B
option B
upvoted 1 times
...
zellck
1 year, 4 months ago
Selected Answer: B
B is the answer. https://cloud.google.com/container-analysis/docs/automated-scanning-howto
upvoted 1 times
...
TNT87
1 year, 4 months ago
Answer B If you have done Devops you will understand
upvoted 1 times
...
TNT87
1 year, 4 months ago
Selected Answer: B
Answer B
upvoted 1 times
...
kisswd
1 year, 4 months ago
Selected Answer: B
"Container Analysis REST API" doesn't exist. https://cloud.google.com/container-analysis/docs/os-overview says: The Container Scanning API allows you to automate OS vulnerability detection, scanning each time you push an image to Container Registry or Artifact Registry. Enabling this API also triggers language package scans for Go and Java vulnerabilities (Preview).
upvoted 1 times
TNT87
1 year, 3 months ago
Do not confuse yourself, there is Container analysis API, it exists. check what the question requires, ok https://cloud.google.com/container-analysis/docs/reference/rest
upvoted 1 times
...
kisswd
1 year, 4 months ago
After reviewing the document again, I changed my answer to D.
upvoted 2 times
TNT87
1 year, 3 months ago
It cant be D,thats not how the Container analysis API works
upvoted 1 times
...
...
...
ladannylondo
1 year, 4 months ago
Selected Answer: B
https://cloud.google.com/container-analysis/docs/enable-container-scanning
upvoted 1 times
...
melisargh
1 year, 4 months ago
Selected Answer: D
https://cloud.google.com/container-analysis/docs/os-overview
upvoted 1 times
gardislan18
1 year, 4 months ago
Answer is B https://cloud.google.com/container-analysis/docs/automated-scanning-howto
upvoted 2 times
melisargh
1 year, 4 months ago
after re review i think B is correct too but im still not sure
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago