Google Professional Cloud DevOps Engineer

Get started today

Ultimate access to all questions.

Explanation:

The correct approach is to enable binary authorization on the clusters and apply a policy to govern the allowed images. Binary authorization provides a way to allow or block the deployment of images based on policies, which is exactly what's needed in this scenario.

Why other options are not suitable:
- IAM permissions can grant access to services like GKE or Container Registry but cannot control the images deployed on a GKE cluster.
- Custom routes are designed for network-level traffic routing and do not address image deployment restrictions.
- Firewall rules control network traffic flow but cannot restrict the images used for deployment.

For more details, refer to the Binary Authorization documentation.

Explanation:

Why other options are not suitable:
- IAM permissions can grant access to services like GKE or Container Registry but cannot control the images deployed on a GKE cluster.
- Custom routes are designed for network-level traffic routing and do not address image deployment restrictions.
- Firewall rules control network traffic flow but cannot restrict the images used for deployment.

For more details, refer to the Binary Authorization documentation.

Comments (0)

No comments yet.

As a DevOps engineer for a financial organization, you're tasked with setting up an automated CI/CD pipeline to deploy applications to GKE clusters in production. A key requirement is to restrict the types and sources of container images that can be deployed. How would you implement this restriction?

Real Exam

Apply IAM permissions to restrict the container images that can be deployed on clusters

0.0%

Create custom routes to control traffic to the clusters

0.0%

Enable binary authorization on the clusters and apply a policy to govern the allowed images

100.0%

Apply firewall rules to the VPCs