Exam Professional Cloud Security Engineer topic 1 question 188 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 188
Topic #: 1

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application. The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

  • A. 1. Enable Container Threat Detection in the Security Command Center Premium tier.
    2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
    3. View and share the results from the Security Command Center.
  • B. 1. Use an open source tool in Cloud Build to scan the images.
    2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil.
    3. Share the scan report link with your security department.
  • C. 1. Enable vulnerability scanning in the Artifact Registry settings.
    2. Use Cloud Build to build the images.
    3. Push the images to the Artifact Registry for automatic scanning.
    4. View the reports in the Artifact Registry.
  • D. 1. Get a GitHub subscription.
    2. Build the images in Cloud Build and store them in GitHub for automatic scanning.
    3. Download the report from GitHub and share with the Security Team.
Suggested Answer: D 🗳️

Comments

espressoboy
Highly Voted 7 months, 2 weeks ago
C seems like the best fit. I initially chose A, but: "The service evaluates all changes and remote access attempts to detect runtime attacks in near-real time." (https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview) This has nothing to do with KNOWN security vulns in images.
upvoted 5 times
dija123
Most Recent 1 month ago
Selected Answer: C
100% C
upvoted 1 times
Andrei_Z
7 months, 3 weeks ago
Selected Answer: C
It is C.
upvoted 1 times
ArizonaClassics
8 months ago
C. Enable vulnerability scanning in Artifact Registry, use Cloud Build, push images for scanning, view reports: This option fulfills all the requirements. It scans images for vulnerabilities using Google Cloud's Artifact Registry and allows viewing of reports securely within the Google Cloud environment. Cloud Build can also be used to build the images before they are pushed for scanning, which adds an extra layer of validation.
upvoted 1 times
cyberpunk21
8 months, 1 week ago
Selected Answer: C
I am going with option C, all things considered, like cost, time and all. Option A sounds sound, but to implement it we need to update the tier, and the security issues are already known, so it's not worth it. With option C we can do a vuln scan without paying extra.
upvoted 2 times
ymkk
8 months, 2 weeks ago
Selected Answer: A
https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview
upvoted 2 times
Nachtwaker
1 month, 3 weeks ago
Don't agree, should be C since it is requesting scans from images (so not running container images). The images are static, stored in container registry, not (yet) deployed in GKE.
upvoted 1 times
a190d62
9 months ago
Selected Answer: C
C: B & D are out due to the fact that they expose the results of the scan. A & C remain, but to be honest I don't see how updating GKE to the latest version (A) would provide me a better vulnerability scan result.
upvoted 2 times
a190d62
9 months ago
And (never forget about it, people) link: https://cloud.google.com/artifact-registry/docs/analysis
upvoted 1 times
akilaz
8 months, 1 week ago
"To detect potential threats to your containers, make sure that your clusters are on a supported version of Google Kubernetes Engine (GKE)" https://cloud.google.com/security-command-center/docs/how-to-use-container-threat-detection Additionally, answer C doesn't include sharing the report. So in my opinion A.
upvoted 3 times