Google Professional Cloud Security Engineer
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
Your organization prioritizes security and heavily uses serverless applications. You need to enforce image provenance and ensure compliance with security standards before deployment. Using Cloud Build as your CI/CD tool for building container images, how should you configure Binary Authorization to guarantee that only images built by your Cloud Build pipeline are deployed and that these images have passed security compliance checks?
A
Create a Binary Authorization attestor that uses a scanner to assess source code management repositories. Deploy images only if the attestor validates results against a security policy.
B
Create a Binary Authorization attestor that utilizes a scanner to evaluate container image build processes. Define a policy that requires deployment of images only if this attestation is present.
C
Create a Binary Authorization attestor that retrieves the Cloud Build build ID of the container image. Configure a policy to allow deployment only if there's a matching build ID attestation.
D
Utilize a custom Security Health Analytics module to create a policy. Enforce the policy through Binary Authorization to prevent deployment of images that do not meet predefined security standards.