
PROFESSIONAL-CLOUD-DEVELOPER · Question #358

PROFESSIONAL-CLOUD-DEVELOPER Question #358: Real Exam Question with Answer & Explanation

The correct answer is A: Set up Binary Authorization, and define cluster-specific rules in clusterAdmissionRules nodes in.

Securing Containerized Applications

Question

Your application named ecom-web-app is deployed in three GKE clusters: ecom-web-app-dev, ecom-web-app-qa, and ecom-web-app-prod. You need to ensure that only trusted container images are deployed to the ecom-web-app-prod GKE cluster in the production environment while following Google-recommended practices. What should you do?

Options

  • A. Set up Binary Authorization, and define cluster-specific rules in clusterAdmissionRules nodes in
  • B. Set up Binary Authorization, and exempt any container images that are not deployed to the ecom-
  • C. Set up an image verification process that scans the container images in Artifact Registry for
  • D. Set up an image verification process by using Cloud Functions where the function is invoked

Explanation

Binary Authorization is a Google-recommended security feature that enforces deploy-time security policies for containerized applications running on GKE. By setting up Binary Authorization and defining cluster-specific rules using the clusterAdmissionRules in the policy YAML file, you can ensure that only trusted and verified container images are deployed to the ecom-web-app-prod GKE cluster. This setup allows you to configure specific rules for the production environment, providing an added layer of security and control over which images can

Other options, like using an image verification process alone, do not enforce strict deploy-time policies directly at the cluster level and thus may not prevent untrusted images from being
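A policy file of the kind the explanation describes, as an added example that is not part of the original question. The project ID, cluster location (`us-central1-a`), attestor name (`prod-release-attestor`) and the permissive default rule for the dev and qa clusters are assumptions chosen for illustration.

```yaml
# policy.yaml: Binary Authorization policy for the project hosting the three clusters.
# PROJECT_ID, us-central1-a and prod-release-attestor are placeholders (assumptions).
name: projects/PROJECT_ID/policy

# Keep Google-maintained system images admissible so system workloads still start.
globalPolicyEvaluationMode: ENABLE

# Default rule: applies to every cluster without its own entry below
# (here ecom-web-app-dev and ecom-web-app-qa). Left permissive as an assumption;
# tighten it if dev and qa should also be restricted.
defaultAdmissionRule:
  evaluationMode: ALWAYS_ALLOW
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG

# Cluster-specific rules, keyed by <location>.<cluster-name>.
clusterAdmissionRules:
  us-central1-a.ecom-web-app-prod:
    # Admit an image only if the named attestor has signed its digest.
    evaluationMode: REQUIRE_ATTESTATION
    # Reject non-compliant deployments and write the decision to the audit log.
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
      - projects/PROJECT_ID/attestors/prod-release-attestor
```

The file is loaded with `gcloud container binauthz policy import policy.yaml`. The rule only takes effect on clusters that have Binary Authorization enforcement enabled.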

Topics

#Binary Authorization  #GKE Security  #Container Security  #Deployment Policies
