Exam Professional Cloud Developer topic 1 question 341 discussion

Actual exam question from Google's Professional Cloud Developer

Question #: 341
Topic #: 1

[All Professional Cloud Developer Questions]

Your application named ecom-web-app is deployed in three GKE clusters: ecom-web-app-dev, ecom-web-app-qa, and ecom-web-app-prod. You need to ensure that only trusted container images are deployed to the ecom-web-app-prod GKE cluster in the production environment while following Google-recommended practices. What should you do?

A. Set up Binary Authorization, and define cluster-specific rules in clusterAdmissionRules nodes in the policy YAML file.
B. Set up Binary Authorization, and exempt any container images that are not deployed to the ecom-web-app-prod GKE cluster.
C. Set up an image verification process that scans the container images in Artifact Registry for vulnerabilities and tags the image versions that fail the scan as untrusted.
D. Set up an image verification process by using Cloud Functions where the function is invoked when a container image is built in Cloud Build and ensures that only trusted container images are stored in Artifact Registry.

Show Suggested Answer

Suggested Answer: A 🗳️

by Pime13 at July 16, 2025, 4:05 p.m.

Comments

Submit Cancel

Pime13

3 weeks, 6 days ago

Selected Answer: A

Binary Authorization is a Google Cloud service that ensures only trusted container images are deployed to GKE. You can define cluster-specific rules using the clusterAdmissionRules section in the Binary Authorization policy YAML. This allows you to enforce stricter policies (e.g., only signed and verified images) for the ecom-web-app-prod cluster, while allowing more flexibility in dev and qa. https://cloud.google.com/binary-authorization/docs/policy-yaml-reference https://cloud.google.com/binary-authorization/docs/setting-up

upvoted 1 times

...