GoogleGoogle
PROFESSIONAL-CLOUD-DEVELOPER · Question #306
PROFESSIONAL-CLOUD-DEVELOPER Question #306: Real Exam Question with Answer & Explanation
The correct answer is D: After the UAT phase, sign the attestation with a key stored in Cloud Key Management Service. https://cloud.google.com/binary-authorization/
Implementing secure deployment strategies
Question
You manage an application deployed on GKE clusters across multiple environments. You are using Cloud Build to run user acceptance testing (UAT) tests. You have integrated Cloud Build with Artifact Analysis, and enabled the Binary Authorization API in all Google Cloud projects hosting your environments. You want only container images that have passed certain automated UAT tests to be deployed to the production environment. You have already created an attestor. What should you do next?
Options
- AAfter the UAT phase, sign the attestation with a key stored as a Kubernetes secret. Add a GKE
- BAfter the UAT phase, sign the attestation with a key stored as a Kubernetes secret. Add a GKE
- CAfter the UAT phase, sign the attestation with a key stored in Cloud Key Management Service
- DAfter the UAT phase, sign the attestation with a key stored in Cloud Key Management Service
Explanation
Topics
#Binary Authorization#Cloud KMS#Secure Deployments#CI/CD
Community Discussion
No community discussion yet for this question.