Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: 1. Enable vulnerability scanning in the Artifact Registry settings. 2. Use Cloud Build to build the images. 3. Push the images to the Artifact Registry for automatic scanning. 4. View the reports in the Artifact Registry.

Option C is the correct choice because it directly addresses the requirement to scan container images for known vulnerabilities using Artifact Registry's built-in vulnerability scanning feature, which is specifically designed for this purpose. The process involves enabling vulnerability scanning in Artifact Registry, using Cloud Build to build images, pushing them to Artifact Registry for automatic scanning, and viewing reports within Google Cloud—ensuring the report is not exposed externally. This approach is cost-effective and aligns with Google Cloud best practices. Option A is less suitable as Container Threat Detection focuses on runtime threats in GKE clusters, not static image vulnerability scanning. Options B and D are incorrect because they involve storing reports in publicly accessible buckets or external services (GitHub), which violates the requirement to keep reports within Google Cloud.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company is running a mission-critical application on Google Kubernetes Engine (GKE) and needs to scan its container images for known vulnerabilities. The resulting security report must be shared with the security team internally without being exposed outside of Google Cloud.

What should you do?

Exam-Like

Last updated: February 16, 2026 at 14:03

Enable Container Threat Detection in the Security Command Center Premium tier.
Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version.
View and share the results from the Security Command Center.

Use an open source tool in Cloud Build to scan the images.
Upload reports to publicly accessible buckets in Cloud Storage by using gsutil.
Share the scan report link with your security department.

Enable vulnerability scanning in the Artifact Registry settings.
Use Cloud Build to build the images.
Push the images to the Artifact Registry for automatic scanning.
View the reports in the Artifact Registry.

Get a GitHub subscription.
Build the images in Cloud Build and store them in GitHub for automatic scanning.
Download the report from GitHub and share with the Security Team.

Google Professional Cloud Security Engineer

Get started today

Quick Answer

Quick Answer

Comments (0)

Get started today

A company is running a mission-critical application on Google Kubernetes Engine (GKE) and needs to scan its container images for known vulnerabilities. The resulting security report must be shared with the security team internally without being exposed outside of Google Cloud. What should you do?

Comments (0)

A company is running a mission-critical application on Google Kubernetes Engine (GKE) and needs to scan its container images for known vulnerabilities. The resulting security report must be shared with the security team internally without being exposed outside of Google Cloud.

What should you do?