Topic 1 Question 135
Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team while minimizing management overhead. What should you do?
Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies.
Grant the roles/artifactregistry.writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.
Use Cloud Run to write and deploy a custom validator. Enable an Eventarc trigger to perform validations when new images are uploaded.
Configure Kritis to run in your GKE clusters to enforce deploy-time security policies.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: A👍 2koo_kai2023/10/28
- 正解だと思う選択肢: A
using binary-authorization
👍 1lelele20232023/11/01 A is the answer.
👍 1mshafa2023/11/03
シャッフルモード