Topic 1 Question 119
You are building and running client applications in Cloud Run and Cloud Functions. Your client requires that all logs must be available for one year so that the client can import the logs into their logging service. You must minimize required code changes. What should you do?
Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods.
Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
Use Binary Authorization to attest images during your CI/CD pipeline.
Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images.
ユーザの投票
コメント(7)
it seems that the question doesn't match the answers.
👍 4florian_cartron2023/10/09It seems like questions doesnt match with the answers given
👍 3Jason_Cloud_at2023/10/26- 正解だと思う選択肢: C
Maybe this is the correct question for them:
As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do?
And the answer should be option C:
Binary Authorization allows you to define and enforce policies that determine which container images can run in your GKE environment based on image signatures. By integrating Binary Authorization into your CI/CD pipeline, you can ensure that only trusted and approved images, with the correct attestations, are deployed to the GKE clusters.
👍 2xhilmi2023/12/06
シャッフルモード