Answer-first summary for fast verification
Answer: Configure Artifact Registry to automatically scan new images and periodically re-scan all images. Use Cloud Audit Logs to track image uploads and identify the user who pushed each image.
To ensure all existing and new images are continuously scanned for vulnerabilities and to track who pushed each image to the registry, the best approach is to configure Artifact Registry to automatically scan new images and periodically re-scan all images. This ensures continuous vulnerability scanning. Additionally, using Cloud Audit Logs to track image uploads allows you to identify the user who pushed each image, fulfilling both requirements. Option A is the correct choice because it directly addresses both needs: continuous scanning for vulnerabilities and tracking of image uploads. Options B, C, and D either do not fully address the requirement for continuous scanning of all images or do not effectively track who pushed each image.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You use Artifact Registry to store container images built with Cloud Build. You need to ensure continuous vulnerability scanning for all existing and new images, while also tracking which user pushed each image to the registry. What should you do?
A
Configure Artifact Registry to automatically scan new images and periodically re-scan all images. Use Cloud Audit Logs to track image uploads and identify the user who pushed each image.
B
Configure Artifact Registry to send vulnerability scan results to a Cloud Storage bucket. Use a separate script to parse results and notify a security team.
C
Configure Artifact Registry to automatically re-scan images daily. Enable Cloud Audit Logs to track these scans, and use Logs Explorer to identify vulnerabilities.
D
Configure Artifact Registry to automatically trigger vulnerability scans for new image tags, and view scan results. Use Cloud Audit Logs to track image tag creation events.
No comments yet.