
Answer-first summary for fast verification
Answer: Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies.
Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE). It allows you to enforce security policies that require images to be signed by trusted authorities during the development process. This solution directly addresses the requirement of deploying only trusted container images while minimizing management overhead, as it integrates seamlessly with GKE and does not require additional infrastructure or custom code. Option A is the correct answer because it specifically meets the security team's requirements with minimal overhead. Options B, C, and D either do not directly address the requirement of enforcing deploy-time security policies for container images or introduce unnecessary complexity.
Author: LeetQuiz Editorial Team
Your company operates in a highly regulated industry. The security team mandates that only approved container images can be deployed on Google Kubernetes Engine (GKE). You must implement a solution that complies with these security requirements while minimizing administrative effort. What is the best approach?
A. Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies.
B. Grant the roles/artifactregistry.writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.
C. Use Cloud Run to write and deploy a custom validator. Enable an Eventarc trigger to perform validations when new images are uploaded.
D. Configure Kritis to run in your GKE clusters to enforce deploy-time security policies.