Your organization uses a microservices architecture on Google Kubernetes Engine (GKE). To comply with security reviews that recommend stricter controls for deployed container images, you need to implement an automated system using managed services to guarantee that only approved images are deployed to your GKE clusters. What should you do?

Exam-Like

Develop custom organization policies that restrict GKE cluster deployments to container images hosted within a specific Artifact Registry project where your approved images reside.

Enforce Binary Authorization in your GKE clusters. Integrate container image vulnerability scanning into the CI/CD pipeline and require vulnerability scan results to be used for Binary Authorization policy decisions.

Automatically deploy new container images upon successful CI/CD builds by using Cloud Build triggers. Set up firewall rules to limit and control access to instances to mitigate malware injection.

Build a system using third-party vulnerability databases and custom scripts to identify potential Common Vulnerabilities and Exposures (CVEs) in your container images. Prevent image deployment if the CVE impact score is beyond a specified threshold.

Google Professional Cloud Security Engineer

Get started today

Comments