Answer-first summary for fast verification
Answer: Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
The question focuses on ensuring logs are available for one year with minimal code changes for client applications running in Cloud Run and Cloud Functions. None of the provided options directly address log retention or export capabilities. However, the question seems to have been mistakenly categorized under vulnerability monitoring or image security, which are unrelated to the log retention requirement. The correct approach for log retention would involve using Google Cloud's operations suite (formerly Stackdriver) to set up log sinks or retention policies, but since that's not among the options, it's important to note that the question might be misaligned with the provided choices. Given the options, none correctly answer the question as stated. However, if we must choose from the given options, the closest in context to managing logs (though not directly) would be configuring IAM policies (B) to ensure proper access controls are in place for logging services, but this does not address the log retention requirement.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are developing client applications on Cloud Run and Cloud Functions. Your client mandates that all logs must remain accessible for one year to allow importing into their logging service. You need to implement this with minimal code modifications. What is the recommended approach?
A
Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods.
B
Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
C
Use Binary Authorization to attest images during your CI/CD pipeline.
D
Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images.
No comments yet.