
Answer-first summary for fast verification
Answer: Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CI/CD) pipeline.
The question specifically focuses on securing the ML model supply chain and the development/deployment pipeline. Option A directly addresses supply chain security by combining container image vulnerability scanning with Binary Authorization, which ensures that only trusted, verified images are admitted to GKE through the CI/CD pipeline; an image that was tampered with, or that never passed the pipeline's scan, is rejected at deployment time. The community discussion shows strong consensus for A (75% of answers, with upvoted comments supporting it), while D focuses on runtime network security rather than the supply chain pipeline. Options B and C address data security and dependency management but don't specifically target the deployment pipeline security that the question emphasizes.
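To make the enforcement half of option A concrete, here is an added example of a Binary Authorization project policy; it is not part of the original question or the editorial explanation, and `PROJECT_ID`, the attestor name `scan-passed-attestor` and the cluster `us-central1-a.recommendation-cluster` are placeholders chosen for illustration. The intended flow is that the CI/CD pipeline runs the vulnerability scan, signs an attestation for the image digest only when the scan result is acceptable, and GKE's Binary Authorization admission controller then refuses any image that lacks that attestation.

```yaml
# Constructed example policy.yaml for Binary Authorization (added example,
# not from the page). PROJECT_ID, the attestor and the cluster are placeholders.
# Apply with: gcloud container binauthz policy import policy.yaml
globalPolicyEvaluationMode: ENABLE
# The policy a project starts with admits every image:
#   defaultAdmissionRule:
#     evaluationMode: ALWAYS_ALLOW
# Replace it with a rule that blocks (and logs) any deployment whose image
# digest has not been attested by the attestor the pipeline controls.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
    - projects/PROJECT_ID/attestors/scan-passed-attestor
# Cluster-specific rule for the GKE cluster that serves the recommendation
# models; it repeats the requirement so a later relaxation of the project
# default cannot silently open this cluster.
clusterAdmissionRules:
  us-central1-a.recommendation-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
      - projects/PROJECT_ID/attestors/scan-passed-attestor
```

Two practical points follow from this policy. Attestations are bound to an image digest, so deployment manifests must reference images as `repo/image@sha256:...` rather than by a mutable tag, or admission fails even for a signed image. And the scan-then-sign step belongs in the pipeline, not on a developer workstation: the attestor's signing key should be held only by the CI/CD service account, so that "the image was scanned and accepted" is something the cluster can verify rather than trust.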
Author: LeetQuiz Editorial Team
Your organization is building a real-time recommendation engine using ML models that process live user activity data from BigQuery and Cloud Storage. New models are stored in Artifact Registry and deployed to Google Kubernetes Engine, with Pub/Sub used for message queues. Due to recent attacks targeting ML model supply chains, you must enhance the security of this serverless development and deployment pipeline. What should you do?
A
Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CI/CD) pipeline.
B
Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.
C
Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.
D
Develop strict firewall rules to limit external traffic to Cloud Run instances. Integrate intrusion detection systems (IDS) for real-time anomaly detection on Pub/Sub message flows.