PROFESSIONAL-CLOUD-DEVELOPER Question #359: Real Exam Question with Answer & Explanation

Question

You are responsible for improving the security of your Cloud Run services to protect these services against supply chain threats. You need to ensure that there are adequate security controls such as SLSA Level 3 builds for container images and non-falsifiable provenance for container images by using Google Cloud tools. What should you do?

Options

• AAsk developers to build container images locally and ensure strict version controls by using
• BUse Cloud Build to build container images. Configure a Binary Authorization policy on the Cloud
• CUse Cloud Deploy to generate authenticated and non-falsifiable build provenance for container
• DUse Cloud Build to build container images. Use Cloud Scheduler to automate delivery of your

Explanation

Cloud Build supports SLSA (Supply-chain Levels for Software Artifacts) Level 3 by providing verifiable, non-falsifiable provenance for container images. By configuring Binary Authorization on the Cloud Run job, you can enforce deploy-time policies that ensure only trusted, verified container images (with provenance) are deployed. This setup addresses both the security requirements for non-falsifiable provenance and adherence to supply chain best practices against Other options, like using Container Registry or Cloud Deploy, do not directly provide the same level of provenance and control required to meet SLSA Level 3 and Binary Authorization standards for security in Cloud Run deployments.

No community discussion yet for this question.