ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 134 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 134
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do?

  • A. Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images
  • B. Use Binary Authorization to attest images during your CI/CD pipeline
  • C. Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
  • D. Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by koo_kai at Oct. 28, 2023, 7:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mzansikiller
10 months, 3 weeks ago
Question 134 is question 119.
upvoted 1 times
...
xhilmi
1 year, 6 months ago
Selected Answer: B
To satisfy the goal of shifting left on security and implement guardrails to only allow the deployment of trusted and approved images on Google Kubernetes Engine (GKE) clusters, the recommended approach is (option B) Use Binary Authorization to attest images during your CI/CD pipeline. Binary Authorization allows you to define and enforce policies that determine which container images can run in your GKE environment based on image signatures. By integrating Binary Authorization into your CI/CD pipeline, you can ensure that only trusted and approved images, with the correct attestations, are deployed to the GKE clusters. This proactive security measure aligns with the concept of shifting security left, as it establishes controls early in the development and deployment process, minimizing the risk of deploying compromised or unapproved images in production.
upvoted 2 times
...
mshafa
1 year, 7 months ago
B is the answer.
upvoted 2 times
...
lelele2023
1 year, 7 months ago
Selected Answer: B
using binary authorization
upvoted 1 times
...
koo_kai
1 year, 7 months ago
Selected Answer: B
https://cloud.google.com/binary-authorization/docs/overview
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel