
Answer-first summary for fast verification
Answer: Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
The security audit identified vulnerabilities in the containerized environment, which calls for a solution built for containers rather than VMs. Option A is the correct approach because Container Analysis (part of Google Cloud's Container Registry or Artifact Registry) scans container images for Common Vulnerabilities and Exposures (CVEs) during the CI/CD pipeline. It provides automated vulnerability reporting, integrates seamlessly with Google Cloud DevOps tools, and ensures code security before deployment. Option B is risky because automatic updates in containers can introduce instability or new vulnerabilities. Option C is ineffective because VM-based tools aren't designed for the isolation and ephemeral nature of containers. Option D only checks Dockerfile syntax and best practices; it doesn't scan the actual container images for vulnerabilities in dependencies or runtime components.
Author: LeetQuiz Editorial Team
How can you ensure the security and patch level of all containerized applications in your automated build pipeline, given that existing VM vulnerability tools are no longer applicable after a recent security audit flagged potential vulnerabilities in production code?
A. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
B. Configure the containers in the build pipeline to always update themselves before release.
C. Reconfigure the existing operating system vulnerability software to exist inside the container.
D. Implement static code analysis tooling against the Docker files used to create the containers.