PROFESSIONAL-CLOUD-DEVELOPER Question #336: Real Exam Question with Answer & Explanation
The correct answer is C: Create an attestor and a policy. Create an attestation for the container images that have passed.
Question
You work for a financial services company that has a container-first approach. Your team develops microservices applications. You have a Cloud Build pipeline that creates a container image, runs regression tests, and publishes the image to Artifact Registry. You need to ensure that only containers that have passed the regression tests are deployed to GKE clusters. You have already enabled Binary Authorization on the GKE clusters. What should you do next?
Options
- A. Deploy Voucher Server and Voucher Client components. After a container image has passed the
- B. Create an attestor and a policy. Run a vulnerability scan to create an attestation for the container
- C. Create an attestor and a policy. Create an attestation for the container images that have passed
- D. Set the Pod Security Standard level to Restricted for the relevant namespaces. Digitally sign the
Explanation
- Attestation: By creating an attestation for container images that have successfully passed regression tests, you can enforce deployment policies that only allow images with valid attestations to be deployed to your GKE clusters.
- Integration with Binary Authorization: This approach directly integrates with Binary Authorization, allowing it to enforce the deployment policy based on the attestations created during the Cloud
- Control and Security: This method ensures that only thoroughly tested and verified images are deployed, enhancing the security and reliability of your applications.

Options A (“Deploy Voucher Server and Voucher Client components. After a container image has passed the regression tests, run Voucher Client as a step in the Cloud Build pipeline”) and D (“Set the Pod Security Standard level to Restricted for the relevant namespaces. Digitally sign the container images that have passed the regression tests as a step in the Cloud Build pipeline”) do not specifically leverage the attestation mechanism necessary for Binary Authorization.

Option B (“Create an attestor and a policy. Run a vulnerability scan to create an attestation for the container image as a step in the Cloud Build pipeline”) focuses on vulnerability scanning, which, while important, does not fulfill the requirement of ensuring that only tested images are deployed.