Topic 1 Question 252
You work for a financial services company that has a container-first approach. Your team develops microservices applications. A Cloud Build pipeline creates the container image, runs regression tests, and publishes the image to Artifact Registry. You need to ensure that only containers that have passed the regression tests are deployed to Google Kubernetes Engine (GKE) clusters. You have already enabled Binary Authorization on the GKE clusters. What should you do next?
Create an attestor and a policy. After a container image has successfully passed the regression tests, use Cloud Build to run Kritis Signer to create an attestation for the container image.
Deploy Voucher Server and Voucher Client components. After a container image has successfully passed the regression tests, run Voucher Client as a step in the Cloud Build pipeline.
Set the Pod Security Standard level to Restricted for the relevant namespaces. Use Cloud Build to digitally sign the container images that have passed the regression tests.
Create an attestor and a policy. Create an attestation for the container images that have passed the regression tests as a step in the Cloud Build pipeline.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: A👍 2TNT872023/01/31
took my exam yesterday (01-03-2023) and this question was there
👍 2Pime132023/03/02- 正解だと思う選択肢: A
Binary Authorization in GKE provides a way to enforce that only verified container images are deployed in a cluster. In this scenario, to ensure that only containers that have passed the regression tests are deployed, you would create an attestor and a policy in Binary Authorization, and use Kritis Signer to create an attestation for the container image after it has passed the tests. The attestation verifies that the image meets the policy's criteria and is authorized to be deployed. This provides a secure and automated way to enforce that only containers that have passed the required tests are deployed in the cluster.
👍 1mrvergara2023/02/04
シャッフルモード