
Explanation:
Option C is the correct choice because it directly addresses the requirement to scan container images for known vulnerabilities using Artifact Registry's built-in vulnerability scanning feature, which is specifically designed for this purpose. The process involves enabling vulnerability scanning in Artifact Registry, using Cloud Build to build images, pushing them to Artifact Registry for automatic scanning, and viewing reports within Google Cloud, ensuring the report is not exposed externally. This approach is cost-effective and aligns with Google Cloud best practices.

Option A is less suitable as Container Threat Detection focuses on runtime threats in GKE clusters, not static image vulnerability scanning. Options B and D are incorrect because they involve storing reports in publicly accessible buckets or external services (GitHub), which violates the requirement to keep reports within Google Cloud.
A company is running a mission-critical application on Google Kubernetes Engine (GKE) and needs to scan its container images for known vulnerabilities. The resulting security report must be shared with the security team internally without being exposed outside of Google Cloud.
What should you do?
A
B
C
D