
Answer-first summary for fast verification
Answer: Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.
Google's recommended practice for scanning container images for vulnerabilities is to use Container Analysis integrated with Artifact Registry. When images are uploaded to Artifact Registry, Container Analysis automatically scans them for vulnerabilities. Enabling Container Analysis and using Artifact Registry (Option B) therefore provides automated scanning without manual intervention. Reviewing **all** vulnerability results (not just the critical ones, as in Option C) matches the requirement to be alerted to **any** known vulnerabilities. Options A and D rely on manual scanning via the CLI or REST API, which is less efficient than the built-in integration with Artifact Registry.
Author: LeetQuiz Editorial Team
You are deploying a microservices application to Google Kubernetes Engine (GKE) with daily updates. The application will run a large number of distinct Linux-based containers, and you need to be alerted about known OS vulnerabilities in new containers while adhering to Google-recommended best practices. What should you do?
A. Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.
B. Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.
C. Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.
D. Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.