You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?
A. Enable Cloud Security Scanner on the clusters.
B. Enable Vulnerability Analysis on the Container Registry.
C. Set up the Kubernetes Engine clusters as private clusters.
D. Set up the Kubernetes Engine clusters with Binary Authorization.
To ensure that only images successfully built by your trusted CI/CD pipeline are deployed to production on Google Kubernetes Engine (GKE) clusters, you should set up the Kubernetes Engine clusters with Binary Authorization. Therefore, the correct answer is:
D. Set up the Kubernetes Engine clusters with Binary Authorization.
D. Set up the Kubernetes Engine clusters with Binary Authorization.
Binary Authorization is a feature of Google Kubernetes Engine that allows you to ensure that only containers that are verified to be from a trusted source are deployed to your clusters. It works by using a policy that checks the signatures of container images before they are deployed. You can configure Binary Authorization to require that all images are signed by a trusted certificate authority (CA) or that they are signed by a trusted key that you manage. This ensures that only images that have been successfully built by your trusted CI/CD pipeline are deployed to your production clusters.
Ans: D
Exam passed and taken on 19/12/2022, 50/50 from this dump without buying the full access and looking for 'devops' word here: https://www.examtopics.com/discussions/google/1/
I will go with D, as there is no vulnerability analysis; it is vulnerability scan in container analysis service. And the binary authorization uses metadata store to secure trusted repository.
D is the answer.
https://cloud.google.com/binary-authorization
Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE) or Cloud Run. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.
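As an added example (not part of the original discussion and not Google's tooling), the Python below audits a Binary Authorization policy export for settings that would still let images without a CI/CD pipeline attestation be deployed. Field and enum names follow the Binary Authorization policy resource; the two policies and the project, cluster and attestor names are constructed placeholders, and the wildcard check is a review heuristic.

```python
# Constructed sample policies in the JSON shape of a Binary Authorization
# policy export; project, cluster and attestor names are placeholders.
ATTESTOR = "projects/example-project/attestors/ci-pipeline"
WEAK_POLICY = {
    "defaultAdmissionRule": {
        "evaluationMode": "ALWAYS_ALLOW",
        "enforcementMode": "ENFORCED_BLOCK_AND_AUDIT_LOG",
    },
    "admissionWhitelistPatterns": [{"namePattern": "gcr.io/example-project/*"}],
    "clusterAdmissionRules": {
        "us-central1-a.prod-cluster": {
            "evaluationMode": "REQUIRE_ATTESTATION",
            "enforcementMode": "DRYRUN_AUDIT_LOG_ONLY",
            "requireAttestationsBy": [ATTESTOR],
        }
    },
}
HARDENED_POLICY = {
    "defaultAdmissionRule": {
        "evaluationMode": "REQUIRE_ATTESTATION",
        "enforcementMode": "ENFORCED_BLOCK_AND_AUDIT_LOG",
        "requireAttestationsBy": [ATTESTOR],
    },
}


# One admission rule: it must require attestation and must block, not just log.
def check_rule(name, rule):
    findings = []
    mode = rule.get("evaluationMode")
    if mode not in ("REQUIRE_ATTESTATION", "ALWAYS_DENY"):
        findings.append(f"{name}: evaluationMode {mode} does not require attestation")
    if rule.get("enforcementMode") != "ENFORCED_BLOCK_AND_AUDIT_LOG":
        findings.append(f"{name}: enforcementMode does not block deployment")
    return findings


def audit_policy(policy):
    """Flag settings that let images without a CI/CD attestation be deployed."""
    findings = check_rule("default", policy.get("defaultAdmissionRule", {}))
    for cluster, rule in sorted(policy.get("clusterAdmissionRules", {}).items()):
        findings += check_rule(f"cluster {cluster}", rule)
    for pat in policy.get("admissionWhitelistPatterns", []):
        if "*" in pat.get("namePattern", ""):  # review heuristic, not an API rule
            findings.append(f"allowlist {pat['namePattern']}: wildcard exemption")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_policy(WEAK_POLICY)))
```

The weak policy produces three findings: a default rule that admits everything, a production cluster rule left in dry-run mode, and an allowlist pattern that exempts a whole repository from attestation.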