Exam Professional Cloud Security Engineer topic 1 question 331 discussion

Actual exam question from Google's Professional Cloud Security Engineer

Question #: 331
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your organization uses a microservices architecture based on Google Kubernetes Engine (GKE). Recent security reviews recommend tighter controls around deployed container images to reduce potential vulnerabilities and maintain compliance. You need to implement an automated system by using managed services to ensure that only approved container images are deployed to the GKE clusters. What should you do?

A. Develop custom organization policies that restrict GKE cluster deployments to container images hosted within a specific Artifact Registry project where your approved images reside.
B. Enforce Binary Authorization in your GKE clusters. Integrate container image vulnerability scanning into the CI/CD pipeline and require vulnerability scan results to be used for Binary Authorization policy decisions.
C. Automatically deploy new container images upon successful CI/CD builds by using Cloud Build triggers. Set up firewall rules to limit and control access to instances to mitigate malware injection.
D. Build a system using third-party vulnerability databases and custom scripts to identify potential Common Vulnerabilities and Exposures (CVEs) in your container images. Prevent image deployment if the CVE impact score is beyond a specified threshold.

Show Suggested Answer

Suggested Answer: B 🗳️

by Tag at July 14, 2025, 5:22 a.m.

Comments

Submit Cancel

kharakbeer

2 weeks, 4 days ago

Selected Answer: B

B is correct

upvoted 1 times

...