Google Exam Professional Cloud DevOps Engineer Topic 5 Question 65 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam

Question #: 65
Topic #: 5

[All Professional Cloud DevOps Engineer Questions]

Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team, while minimizing management overhead. What should you do?

AGrant the roles/artifactregistry. writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.

BUse Cloud Run to write and deploy a custom validator Enable an Eventarc trigger to perform validations when new images are uploaded.

CConfigure Kritis to run in your GKE clusters to enforce deploy-time security policies.

DConfigure Binary Authorization in your GKE clusters to enforce deploy-time security policies

Show Suggested Answer

Suggested Answer: D

by Marvel at Apr 25, 2024, 10:23 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Azalee

5 months ago

That's a valid point, but I still think Binary Authorization is more comprehensive.

upvoted 0 times

...

Ria

5 months ago

I prefer option A, granting specific roles seems more straightforward.

upvoted 0 times

...

Ellsworth

5 months ago

True, but Binary Authorization is specifically designed for GKE clusters.

upvoted 0 times

...

Tuyet

6 months ago

But what about option C? Kritis can also enforce security policies.

upvoted 0 times

...

Azalee

7 months ago

I agree with Option D ensures deploy-time security policies.

upvoted 0 times

...

Ellsworth

7 months ago

I think option D is the best choice.

upvoted 0 times

...

Aretha

7 months ago

Exactly, it will meet the security team's requirements while minimizing management overhead.

upvoted 0 times

...

Angelo

7 months ago

That sounds like a solid choice. It will ensure only trusted container images are deployed.

upvoted 0 times

...

Aretha

7 months ago

I think we should go with option D) Configure Binary Authorization in our GKE clusters.

upvoted 0 times

Elbert

7 months ago

I'll make sure to implement Binary Authorization to meet the security requirements.

upvoted 0 times

...

Kirk

7 months ago

Agreed, that way we can ensure only trusted container images are deployed to GKE.

upvoted 0 times

...

Marvel

7 months ago

Let's go with option D) Configure Binary Authorization in our GKE clusters then.

upvoted 0 times

...

Jettie

7 months ago

I don't think we need to consider option C, option D seems like the most secure and efficient choice.

upvoted 0 times

...

Temeka

7 months ago

Should we also consider option C) Configure Kritis to run in our GKE clusters to enforce deploy-time security policies?

upvoted 0 times

...

Donte

7 months ago

Option D) Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies sounds like the best choice.

upvoted 0 times

...