Your organization is migrating to Google Cloud and needs to ensure that only trusted, centrally managed container images are deployed on Google Kubernetes Engine (GKE). The images must be signed by a trusted authority.

What should you do? (Choose two.)

Exam-Like

Enable Container Threat Detection in the Security Command Center (SCC) for the project.

Configure the trusted image organization policy constraint for the project.

Create a custom organization policy constraint to enforce Binary Authorization for Google Kubernetes Engine (GKE).

Enable PodSecurity standards, and set them to Restricted.

Configure the Binary Authorization policy with respective attestations for the project.

Google Professional Cloud Security Engineer