Google Professional Cloud Developer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
To ensure only tested container images are deployed to Cloud Run from Artifact Registry using Cloud Build while minimizing operational overhead, what is the recommended approach?
Explanation:
Binary Authorization is a service that ensures only trusted container images are deployed. By enabling it on Cloud Run and creating attestations for images that pass tests, you enforce a policy that blocks untested images. This approach minimizes operational overhead as it automates the enforcement. Option D's build provenance provides metadata but doesn't enforce deployment policies. Options A and C introduce manual steps or unnecessary infrastructure, increasing overhead.