Answer-first summary for fast verification
Answer: Use Binary Authorization to enforce a policy that only allows images that have been signed with a trusted key to be deployed to production.
The question focuses on ensuring only secure container images are deployed to production. Option D is correct because Binary Authorization enforces deployment policies that require images to be signed with a trusted key. This ensures only verified images (e.g., those passing vulnerability scans or other checks) are deployed. Options A, B, and C are incorrect: Cloud Armor (A) protects applications post-deployment, Artifact Analysis (B) scans for vulnerabilities but doesn't enforce deployment policies by itself, and Secret Manager (C) is not designed for storing container images. Binary Authorization directly addresses the requirement by enforcing policy-based deployment controls.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you ensure that only secure container images are deployed to production when using Cloud Build to build images, Artifact Registry for storage, and Cloud Deploy for deployment to Cloud Run?
A
Use Cloud Armor in front of Cloud Run to protect the container image from threats.
B
Use Artifact Analysis to scan the image for vulnerabilities. Use Cloud Key Management Service to encrypt the image to be deployed to production.
C
Use Secret Manager to store the encrypted image. Deploy this image to production.
D
Use Binary Authorization to enforce a policy that only allows images that have been signed with a trusted key to be deployed to production.
No comments yet.