You want to enforce that only trusted container images can be deployed to Cloud Run. Your environment already has container vulnerability scanning enabled. Which two actions should you take?

Exam-Like

Enable Binary Authorization on the existing Cloud Run service.

Set the organization policy constraint constraints/run.allowedBinaryAuthorizationPolicies to the list or allowed Binary Authorization policy names.

Enable Binary Authorization on the existing Kubernetes cluster.

Use Cloud Run breakglass to deploy an image that meets the Binary Authorization policy by default.

Set the organization policy constraint constraints/compute.trustedImageProjects to the list of projects that contain the trusted container images.

Google Professional Cloud Security Engineer