ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 139 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 139
Topic #: 1
[All Professional Cloud Developer Questions]

Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?

  • A. Enable the Vulnerability scanning setting in the Container Registry.
  • B. Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.
  • C. Disallow the use of non-commercially supported base images in your development environment.
  • D. Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by zellck at Dec. 18, 2022, 3:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
09bd94b
2 months ago
Selected Answer: A
A is the obvious choice
upvoted 1 times
...
__rajan__
7 months, 2 weeks ago
Selected Answer: A
A is correct.
upvoted 1 times
...
purushi
9 months ago
Selected Answer: A
A is a very straight forward option. One more choice would be using vulnerability scanning tools like Grype ( open source ) in the build step itself with cloud build.
upvoted 1 times
...
omermahgoub
1 year, 3 months ago
Selected Answer: A
A. Enable the Vulnerability scanning setting in the Container Registry would be the best solution in this case. It would allow you to automatically scan images for known vulnerabilities and detect any issues as soon as they're pushed to the registry. This will help to identify vulnerabilities early in the development cycle, allowing the development teams to take action before images are deployed to production. This approach is automated, does not impact development agility and since it is a built-in feature of the Container Registry, it is a managed service and therefore, it does not require additional maintenance and management.
upvoted 2 times
omermahgoub
1 year, 3 months ago
Option B, Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs, would impact development agility as it would add an additional step to the development process which can slow down the development teams and impact the development process. Option C, Disallow the use of non-commercially supported base images in the development environment, would limit the flexibility of the development teams, and they may not be able to use the best tools for the job which can negatively impact the quality of the end-product. Option D, Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used, is a good practice to detect and alert on potential issues as soon as possible, but it is an additional step that needs to be set up and maintained. Additionally, it does not handle the vulnerability scanning on its own but rather acts as an additional layer of security.
upvoted 2 times
...
...
TNT87
1 year, 4 months ago
https://docs.docker.com/engine/scan/ Answer A
upvoted 1 times
...
zellck
1 year, 4 months ago
Selected Answer: A
A is the answer. https://cloud.google.com/container-analysis/docs/os-overview
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago