nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #314

You are developing a container build pipeline for an application hosted on GKE. You have the following requirements: - Only images that are created using your build pipeline should be deployed on your

The correct answer is B. 1. Create a build pipeline by using Cloud Build with a private worker pool.. Option B is correct because it combines two critical controls: (1) Cloud Build with a private worker pool, which runs build jobs inside your own VPC rather than on Google's shared public infrastructure. This keeps source code and build artifacts from traversing the public interne

Building Cloud-Native Applications

Question

You are developing a container build pipeline for an application hosted on GKE. You have the following requirements:

  • Only images that are created using your build pipeline should be

deployed on your GKE cluster.

  • All code and build artifacts should remain within your environment

and protected from data exfiltration. How should you build the pipeline?

Options

  • A
    1. Create a build pipeline by using Cloud Build with the default worker pool.
  • B
    1. Create a build pipeline by using Cloud Build with a private worker pool.
  • C
    1. Create a build pipeline by using Cloud Build with a private worker pool.
  • D
    1. Create a build pipeline by using Cloud Build with the default worker pool.

How the community answered

(40 responses)
  • A
    5% (2)
  • B
    78% (31)
  • C
    5% (2)
  • D
    13% (5)

Explanation

Option B is correct because it combines two critical controls: (1) Cloud Build with a private worker pool, which runs build jobs inside your own VPC rather than on Google's shared public infrastructure. This keeps source code and build artifacts from traversing the public internet, satisfying the data exfiltration requirement. (2) Binary Authorization, which enforces that only images produced and signed by your specific pipeline can be deployed to the GKE cluster, satisfying the image provenance requirement. Options A and D use the default (public) worker pool, meaning build traffic crosses the public internet, which violates the data exfiltration constraint. Option C uses a private worker pool but likely lacks Binary Authorization or uses an incorrect deployment enforcement mechanism.

Topics

#Cloud Build#Private Worker Pool#Data Exfiltration#Network Security

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice