
Answer-first summary for fast verification
Answer:
• Enable the Container Scanning API to perform vulnerability scanning
• Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
To prevent the deployment of containers with known critical vulnerabilities in a CI/CD environment on Google Kubernetes Engine, the best practice is to enable the Container Scanning API for automated vulnerability scanning of container images stored in Container Registry. This allows for programmatic review of vulnerability reports, ensuring that only containers free of known critical vulnerabilities are deployed. Binary Authorization is then used to enforce a policy that requires an attestation of the container's security before deployment. This approach is fully automated and integrates seamlessly with CI/CD pipelines, making option D the correct choice.

Options A and B are incorrect because Web Security Scanner is designed for scanning web applications, not container images. Option C involves manual review via the Cloud Console, which is less efficient for automated CI/CD processes.
Author: LeetQuiz Editorial Team
How can you ensure that containers with known critical vulnerabilities are not deployed when running a containerized application on Google Kubernetes Engine, using images stored in Container Registry and following CI/CD practices?
A
• Use Web Security Scanner to automatically crawl your application
• Review your application logs for scan results, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
B
• Use Web Security Scanner to automatically crawl your application
• Review the scan results in the scan details page in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
C
• Enable the Container Scanning API to perform vulnerability scanning
• Review vulnerability reporting in Container Registry in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
D
• Enable the Container Scanning API to perform vulnerability scanning
• Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed