Answer-first summary for fast verification
Answer: Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline., Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.
The correct answers are A and D. Enabling Binary Authorization on GKE and signing containers as part of a CI/CD pipeline (Option A) ensures that only verified containers are deployed. Configuring Container Registry to use vulnerability scanning before deploying the workload (Option D) helps ensure that no vulnerabilities are present in the containers being deployed. Together, these options enforce the deployment of secure and verified containers. Options B and C, while they add security, do not fully ensure that only verified containers are deployed as required in the prompt.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
For this question, refer to the EHR Healthcare case study. EHR Healthcare is moving their infrastructure to Google Cloud to support rapid growth, improve disaster recovery, and enable continuous deployment. Their software is currently hosted in multiple colocation facilities, using a mix of relational and NoSQL databases, with containerized applications running on Kubernetes clusters. They want to securely deploy workloads to Google Cloud and ensure that only verified containers are deployed using Google Cloud services. What should you do? (Choose two.)
A
Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.
B
Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.
C
Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.
D
Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.
No comments yet.