
Your company operates in a highly regulated industry. The security team mandates that only approved container images can be deployed on Google Kubernetes Engine (GKE). You must implement a solution that complies with these security requirements while minimizing administrative effort. What is the best approach?
A. Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies.
B. Grant the roles/artifactregistry.writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.
C. Use Cloud Run to write and deploy a custom validator. Enable an Eventarc trigger to perform validations when new images are uploaded.
D. Configure Kritis to run in your GKE clusters to enforce deploy-time security policies.