
Answer-first summary for fast verification
Answer: Use Binary Authorization to attest images during your CI/CD pipeline
Shifting left on security means integrating security practices early in the development lifecycle. The InfoSec team's goal is to ensure that only trusted and approved images are deployed on GKE clusters. Option A identifies vulnerabilities in container images but does not enforce the use of only approved images. Option B, Binary Authorization, is the correct approach: images are attested during the CI/CD pipeline and the attestations are enforced when the image is deployed, so only images that meet your organization's policies run on the cluster. Option C, configuring IAM policies, is about access control and does not directly address the requirement of deploying only approved images. Option D monitors running Pods for vulnerabilities, which is a reactive measure rather than the preventive control that shifting left calls for. Therefore, the correct answer is B.
Author: LeetQuiz Editorial Team
To comply with your company's shift-left security initiative, the InfoSec team requires all Google Kubernetes Engine (GKE) clusters to enforce guardrails allowing only trusted and approved container images for deployment. How should you implement this requirement?
A. Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images
B. Use Binary Authorization to attest images during your CI/CD pipeline
C. Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters
D. Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods
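
What option B looks like as a Binary Authorization policy, shown as an added example that is not part of the original question: the permissive rule beside the rule that requires an attestation. PROJECT_ID and the attestor name `ci-build-attestor` are placeholders assumed for illustration.

```yaml
# Added example. PROJECT_ID and "ci-build-attestor" are placeholders.

# Weak: Binary Authorization is on, but the default rule admits every image,
# so nothing the CI/CD pipeline attests is ever checked at deploy time.
name: projects/PROJECT_ID/policy
defaultAdmissionRule:
  evaluationMode: ALWAYS_ALLOW
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
---
# Corrected: a Pod is admitted only if its image carries a valid attestation
# from the attestor that the CI/CD pipeline signs with.
name: projects/PROJECT_ID/policy
# Exempts Google-maintained system images so GKE system Pods keep running.
globalPolicyEvaluationMode: ENABLE
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  # Blocks unattested images and writes an audit log entry.
  # DRYRUN_AUDIT_LOG_ONLY logs violations without blocking, which is
  # useful while rolling the policy out to existing workloads.
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
    - projects/PROJECT_ID/attestors/ci-build-attestor
```

A policy file like the second one is applied with `gcloud container binauthz policy import`. Attestations are bound to the image digest, so deployments must reference images by digest rather than by tag.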