Answer-first summary for fast verification
Answer: Build small containers using small base images.
The question asks how to minimize the attack surface of an internet-facing container on GKE. Option B (Build small containers using small base images) is the correct answer because it directly reduces the attack surface by eliminating unnecessary tools, libraries, and dependencies that could contain vulnerabilities. This aligns with Google Cloud best practices, as smaller images have fewer components that attackers can exploit. The community discussion strongly supports B with 70% consensus and high upvotes, citing official Google documentation that emphasizes building minimal images to enhance security. Other options are less suitable: A and D focus on build/deployment tools but don't inherently reduce the container's attack surface; C addresses registry management but doesn't affect the security of the running container, as unused images aren't exploitable.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A DevOps team is deploying a new internet-facing container on Google Kubernetes Engine and wants to minimize its attack surface. What should they do?
A
Use Cloud Build to build the container images.
B
Build small containers using small base images.
C
Delete non-used versions from Container Registry.
D
Use a Continuous Delivery tool to deploy the application.