Topic 4 Question 2
2 つ選択For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for securely deploying workloads to Google Cloud. You also need to ensure that only verified containers are deployed using Google Cloud services. What should you do?
Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.
Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.
Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.
Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.
ユーザの投票
コメント(17)
A & D
Binary Authorization to ensure only verified containers are deployed To ensure deployment are secure and and consistent, automatically scan images for vulnerabilities with container analysis (https://cloud.google.com/docs/ci-cd/overview?hl=en&skip_cache=true)
👍 35raf21212021/08/23IMHO its A&C
👍 26KillerGoogle2021/08/25Answer is A&C, here's why
A: Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline is a good option because Binary Authorization is a security feature that ensures that only verified containers are deployed to GKE clusters. By signing containers as part of a CI/CD pipeline, you can ensure that all containers deployed to GKE clusters are cryptographically signed, which allows Binary Authorization to verify the authenticity of the containers.
C: Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry is a good option because it allows you to control which service accounts can create and deploy containers from the registry. By only allowing trusted service accounts to create and deploy containers, you can ensure that only authorized users are able to deploy workloads to Google Cloud.
👍 5omermahgoub2022/12/27
シャッフルモード