Answer-first summary for fast verification
Answer: Enable Binary Authorization and create attestations of scans.
The question requires automatically scanning the deployment pipeline for vulnerabilities and ensuring only scanned and verified containers can run. Option D (Enable Binary Authorization and create attestations of scans) directly addresses both requirements: Binary Authorization enforces that only approved containers can be deployed, and attestations verify that vulnerability scans have been performed. This aligns with Google Cloud best practices for securing container deployments. The community discussion shows 100% consensus on D, with references to official Google documentation. Option B only performs vulnerability scanning but doesn't enforce deployment restrictions. Option C focuses on development-time feedback rather than pipeline enforcement. Option A deals with access control rather than vulnerability scanning and container verification.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization is concerned about application vulnerabilities in production that have led to security breaches. You need to automatically scan your deployment pipeline for vulnerabilities and ensure only approved, scanned containers can run in your environment. What should you do?
A
Use Kubernetes role-based access control (RBAC) as the source of truth for cluster access by granting “container.clusters.get” to limited users. Restrict deployment access by allowing these users to generate a kubeconfig file containing the configuration access to the GKE cluster.
B
Use gcloud artifacts docker images describe LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE_ID@sha256:HASH --show-package-vulnerability in your CI/CD pipeline, and trigger a pipeline failure for critical vulnerabilities.
C
Enforce the use of Cloud Code for development so users receive real-time security feedback on vulnerable libraries and dependencies before they check in their code.
D
Enable Binary Authorization and create attestations of scans.