
Answer-first summary for fast verification
Answer: Create a custom organization policy constraint to enforce Binary Authorization for Google Kubernetes Engine (GKE); Configure the Binary Authorization policy with respective attestations for the project.
The correct answers are C and E. Option C (Create a custom organization policy constraint to enforce Binary Authorization for GKE) ensures that Binary Authorization is enforced across all GKE clusters in the organization, providing centralized control. Option E (Configure the Binary Authorization policy with respective attestations for the project) directly implements the requirement for signed images by trusted authorities. Option B is incorrect because the trusted image organization policy constraint applies to Compute Engine disk images, not container images in GKE. Option A (Container Threat Detection) is for threat monitoring, not enforcement of trusted images. Option D (PodSecurity standards) enforces pod security policies but does not address image signing or central registry requirements. The community discussion, particularly the highly upvoted comment by pfilourenco, provides clear technical reasoning that B is not applicable to container images, making C and E the optimal choice.
Author: LeetQuiz Editorial Team
Your organization is migrating to Google Cloud and needs to ensure that only trusted, centrally managed container images are deployed on Google Kubernetes Engine (GKE). The images must be signed by a trusted authority.
What should you do? (Choose two.)
A. Enable Container Threat Detection in the Security Command Center (SCC) for the project.
B. Configure the trusted image organization policy constraint for the project.
C. Create a custom organization policy constraint to enforce Binary Authorization for Google Kubernetes Engine (GKE).
D. Enable PodSecurity standards, and set them to Restricted.
E. Configure the Binary Authorization policy with respective attestations for the project.
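An added example, not part of the original page or of Google's tooling: a Python audit of what options C and E are meant to guarantee, namely that every cluster evaluates the project's Binary Authorization policy and that the policy blocks images lacking an attestation. The cluster and policy JSON is constructed sample data shaped like the GKE Cluster and Binary Authorization Policy resources; the project, attestor and cluster names are hypothetical.

```python
import json

# Constructed sample data (assumption, not from the page): field names follow
# the GKE Cluster resource and the Binary Authorization Policy resource.
CLUSTERS = json.loads("""[
  {"name": "prod-a", "binaryAuthorization": {"evaluationMode": "PROJECT_SINGLETON_POLICY_ENFORCE"}},
  {"name": "dev-b", "binaryAuthorization": {"evaluationMode": "DISABLED"}},
  {"name": "legacy-c"}
]""")
POLICY = json.loads("""{
  "admissionWhitelistPatterns": [{"namePattern": "docker.io/*"}],
  "defaultAdmissionRule": {
    "evaluationMode": "REQUIRE_ATTESTATION",
    "enforcementMode": "DRYRUN_AUDIT_LOG_ONLY",
    "requireAttestationsBy": ["projects/example-project/attestors/example-attestor"]
  },
  "clusterAdmissionRules": {
    "us-central1-a.dev-b": {"evaluationMode": "ALWAYS_ALLOW",
                            "enforcementMode": "ENFORCED_BLOCK_AND_AUDIT_LOG"}
  }
}""")

def unenforced_clusters(clusters):
    """Clusters that do not evaluate the project policy (what option C prevents)."""
    # Substring match also accepts combined modes whose name contains this value.
    return [c["name"] for c in clusters
            if "PROJECT_SINGLETON_POLICY_ENFORCE"
            not in (c.get("binaryAuthorization", {}).get("evaluationMode") or "")]

def policy_findings(policy):
    """Deviations from 'block unless attested' in the policy (option E)."""
    findings = []
    rules = {"default": policy.get("defaultAdmissionRule", {})}
    rules.update(policy.get("clusterAdmissionRules", {}))  # per-cluster overrides
    for scope, rule in rules.items():
        if rule.get("evaluationMode") != "REQUIRE_ATTESTATION":
            findings.append(f"{scope}: evaluationMode is {rule.get('evaluationMode')}")
        elif not rule.get("requireAttestationsBy"):
            findings.append(f"{scope}: no attestors listed")
        if rule.get("enforcementMode") != "ENFORCED_BLOCK_AND_AUDIT_LOG":
            findings.append(f"{scope}: not blocking ({rule.get('enforcementMode')})")
    for pattern in policy.get("admissionWhitelistPatterns", []):  # bypass the rules
        findings.append(f"exempt from attestation: {pattern['namePattern']}")
    return findings

if __name__ == "__main__":
    print(unenforced_clusters(CLUSTERS))
    print(*policy_findings(POLICY), sep="\n")
```

The sample policy looks like it requires attestations but fails the audit three ways: the default rule is dry-run only, one cluster has an allow-all override, and an exempt image pattern bypasses attestation entirely.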