ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 119 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 119
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are building and running client applications in Cloud Run and Cloud Functions. Your client requires that all logs must be available for one year so that the client can import the logs into their logging service. You must minimize required code changes. What should you do?

  • A. Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods.
  • B. Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
  • C. Use Binary Authorization to attest images during your CI/CD pipeline.
  • D. Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by florian_cartron at Oct. 9, 2023, 4:40 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
florian_cartron
Highly Voted 1 year, 2 months ago
it seems that the question doesn't match the answers.
upvoted 10 times
...
xhilmi
Highly Voted 1 year ago
Selected Answer: C
Maybe this is the correct question for them: As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do? And the answer should be option C: Binary Authorization allows you to define and enforce policies that determine which container images can run in your GKE environment based on image signatures. By integrating Binary Authorization into your CI/CD pipeline, you can ensure that only trusted and approved images, with the correct attestations, are deployed to the GKE clusters.
upvoted 5 times
...
[Removed]
Most Recent 10 months, 3 weeks ago
As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do?
upvoted 2 times
...
activist
1 year ago
Question 119 is a duplicate of question 118.
upvoted 3 times
...
xhilmi
1 year ago
Maybe this is the correct question for them: As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do?
upvoted 2 times
...
Jason_Cloud_at
1 year, 1 month ago
It seems like questions doesnt match with the answers given
upvoted 4 times
...
activist
1 year, 2 months ago
Agreed! The question implies availability: "all logs must be available for one year so that the client can import the logs into their logging service. You must minimize required code changes." However, the answers refer to security (IAM, vulnerabilities, binary authorization, etc.).
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel