Answer-first summary for fast verification
Answer: Configure Binary Authorization on Cloud Run to enforce image signatures. Create policies to allow deployment only for images passing a defined vulnerability threshold.
Option C is the correct answer because it provides automated, policy-based enforcement at the deployment stage using Binary Authorization on Cloud Run. This approach ensures that only images meeting the defined vulnerability threshold (CVSS score ≤ medium) can be deployed to production, aligning with security best practices for containerized applications. The community discussion strongly supports C with 100% consensus and upvoted comments highlighting its automation and enforcement capabilities. Option A relies on manual intervention after detection, which is error-prone. Option B is entirely manual and inefficient. Option D blocks images in Artifact Registry but doesn't prevent deployment of existing vulnerable images or enforce policies at runtime, making it less comprehensive than C.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization uses Cloud Run for containerized applications, with Cloud Build for building images and Artifact Registry for storing them. You need to prevent the deployment of any container to production if it contains vulnerabilities with a CVSS score higher than "medium." What should you do?
A
Implement vulnerability scanning as part of the Cloud Build process. If any medium or higher vulnerabilities are detected, manually rebuild the image with updated components.
B
Perform manual vulnerability checks post-build, but before Cloud Run deployment. Implement a manual security-engineer-driven remediation process.
C
Configure Binary Authorization on Cloud Run to enforce image signatures. Create policies to allow deployment only for images passing a defined vulnerability threshold.
D
Utilize a vulnerability scanner during the Cloud Build stage and set Artifact Registry permissions to block images containing vulnerabilities above "medium."