PROFESSIONAL-CLOUD-DEVELOPER Question #340: Real Exam Question with Answer & Explanation

Question

Your team is developing a new application that is packaged as a container and stored in Artifact Registry. You are responsible for configuring the CI/CD pipelines that use Cloud Build. Containers may be pushed manually as a local development effort or in an emergency. Every time a new container is pushed to Artifact Registry, you need to trigger another Cloud Build pipeline that executes a vulnerability scan. You want to implement this requirement using the least amount of effort. What should you do?

Options

• AConfigure Artifact Registry to publish a message to a Pub/Sub topic when a new image is
• BConfigure the Cloud Build CI pipeline that publishes the new image to send a message to a
• CConfigure Artifact Registry to publish a message to a Pub/Sub topic when a new image is
• DUse Cloud Scheduler to periodically check for new versions of the container in Artifact Registry

Explanation

This approach requires the least amount of effort and utilizes built-in integrations within Google Cloud. By configuring Artifact Registry to publish a message to a Pub/Sub topic each time a new image is pushed, you can directly trigger the vulnerability scan pipeline with this Pub/Sub message. This solution is efficient because it automates the process without requiring additional components like Cloud Functions or Cloud Scheduler, and it only triggers when new images are pushed, meeting your requirement for scanning upon each image push.

No community discussion yet for this question.