Google Professional Cloud Developer

Get started today

Ultimate access to all questions.

Explanation:

The requirements are to ensure only images from the build pipeline are deployed and to protect code/artifacts from exfiltration. Option B addresses both by using a private Cloud Build worker pool (keeping builds within the VPC), VPC Service Controls (creating a security perimeter to block data exfiltration), and Binary Authorization (enforcing image signing for deployment). Other options fall short: A uses the default worker pool (public), C lacks Binary Authorization, and D uses the default worker pool (public) and omits VPC Service Controls.

Explanation:

Comments (0)

No comments yet.

How can you design a container build pipeline for a GKE-hosted application with these requirements:

• Only images generated by your build pipeline should be deployable to your GKE cluster.

• All source code and build artifacts must stay within your environment and be secured against data exfiltration?

Exam-Like

Create a build pipeline by using Cloud Build with the default worker pool. 2. Deploy container images to a private container registry in your VPC. 3. Create a VPC firewall policy in your project that denies all egress and ingress traffic to public networks.

7.3%

Create a build pipeline by using Cloud Build with a private worker pool. 2. Use VPC Service Controls to place all components and services in your CI/CD pipeline inside a security perimeter. 3. Configure your GKE cluster to only allow container images signed by Binary Authorization.

53.7%

Create a build pipeline by using Cloud Build with a private worker pool. 2. Configure the CI/CD pipeline to build container images and store them in Artifact Registry. 3. Configure Artifact Registry to encrypt container images by using customer-managed encryption keys (CMEK).

17.1%