
Answer-first summary for fast verification
Answer: Create an attestor and a policy. After a container image has successfully passed the regression tests, use Cloud Build to run Kritis Signer to create an attestation for the container image.
Binary Authorization is a security feature that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE). To implement this, you need to create an attestor and a policy. The attestor is responsible for signing attestations, and the policy defines the rules for deployment. After a container image passes the regression tests, Cloud Build should use Kritis Signer to create an attestation for the image. This process is correctly outlined in option A. Option D also mentions creating an attestation but does not specify the use of Kritis Signer, which is crucial for the attestation process. Options B and C suggest using Voucher components or setting Pod Security Standards, which are not directly related to the Binary Authorization process for ensuring only tested containers are deployed.
Author: LeetQuiz Editorial Team
To enforce that only container images that have passed regression tests are deployed to your GKE clusters with Binary Authorization enabled, what steps should you take next?
(Note: The original question's context implies a container-first approach with Cloud Build pipelines handling image creation, testing, and publishing to Artifact Registry.)
A. Create an attestor and a policy. After a container image has successfully passed the regression tests, use Cloud Build to run Kritis Signer to create an attestation for the container image.
B. Deploy Voucher Server and Voucher Client components. After a container image has successfully passed the regression tests, run Voucher Client as a step in the Cloud Build pipeline.
C. Set the Pod Security Standard level to Restricted for the relevant namespaces. Use Cloud Build to digitally sign the container images that have passed the regression tests.
D. Create an attestor and a policy. Create an attestation for the container images that have passed the regression tests as a step in the Cloud Build pipeline.