Answer-first summary for fast verification
Answer: Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline., Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.
The question requires two actions: securely deploying workloads and ensuring only verified containers are deployed. Option A (Enable Binary Authorization on GKE and sign containers in CI/CD) directly addresses ensuring only verified containers are deployed by enforcing cryptographic verification at deployment time. Option D (Configure Container Registry vulnerability scanning) ensures containers are free from known vulnerabilities before deployment, which is crucial for secure deployment in a healthcare context like EHR. The community discussion shows strong support for AD (39% of votes, with the top-voted comment by raf2121 having 52 upvotes explicitly recommending A and D, and citing Google documentation that combines Binary Authorization with vulnerability scanning). Option B is redundant with A as Kritis is part of Binary Authorization's attestation process. Option C focuses on access control but doesn't inherently verify container integrity or security, and trusted service accounts could still deploy vulnerable or unverified containers.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
To securely deploy workloads and ensure only verified containers are deployed on Google Cloud for the EHR Healthcare case study, which two actions should you take?
A
Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.
B
Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.
C
Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.
D
Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.