Topic 1 Question 246
Your organization relies heavily on Cloud Run for its containerized applications. You utilize Cloud Build for image creation, Artifact Registry for image storage, and Cloud Run for deployment. You must ensure that containers with vulnerabilities rated above a common vulnerability scoring system (CVSS) score of "medium" are not deployed to production. What should you do?
A. Implement vulnerability scanning as part of the Cloud Build process. If any medium or higher vulnerabilities are detected, manually rebuild the image with updated components.
B. Perform manual vulnerability checks post-build, but before Cloud Run deployment. Implement a manual security-engineer-driven remediation process.
C. Configure Binary Authorization on Cloud Run to enforce image signatures. Create policies to allow deployment only for images passing a defined vulnerability threshold.
D. Utilize a vulnerability scanner during the Cloud Build stage and set Artifact Registry permissions to block images containing vulnerabilities above "medium."
Comments (3)
- Selected answer: C
I think it's C.
👍 3 yokoyan 2024/09/05
- Selected answer: C
The best solution is C. Configure Binary Authorization on Cloud Run to enforce image signatures. Create policies to allow deployment only for images passing a defined vulnerability threshold.
Here's why this is the preferred approach:
Binary Authorization: Provides a strong, policy-based control mechanism for deploying containers. It ensures only trusted and verified images can be deployed to Cloud Run.
Vulnerability Threshold: By setting a policy within Binary Authorization, you can explicitly block the deployment of any container images that have vulnerabilities exceeding a CVSS score of "medium".
Automation: This approach enables automated enforcement of security standards at the deployment stage, preventing vulnerable images from reaching production.
👍 2 Mr_MIXER007 2024/09/09
- Selected answer: C
👍 1 JohnDohertyDoe 2024/12/29
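
Added example (not part of the original question or comments): one way to realize option C is a pipeline step that reads the image's scan results and creates the attestation that Binary Authorization requires only when nothing exceeds "medium". The sketch below shows that decision; the function names, the image path and the occurrence records (shaped like Container Analysis vulnerability occurrences) are constructed assumptions, and preferring `cvssScore` over `effectiveSeverity` is a design choice of this example.

```python
from __future__ import annotations

# Severity names as used in vulnerability occurrences, ordered; ceiling is MEDIUM.
SEVERITY_RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
MAX_ALLOWED = "MEDIUM"


def cvss_to_severity(score: float) -> str:
    """CVSS v3 bands: 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def occurrence_severity(occ: dict) -> str | None:
    """Prefer the numeric CVSS score; fall back to the labelled severity."""
    vuln = occ.get("vulnerability", {})
    score = vuln.get("cvssScore")
    if isinstance(score, (int, float)) and score > 0:
        return cvss_to_severity(float(score))
    sev = vuln.get("effectiveSeverity") or vuln.get("severity")
    return sev if sev in SEVERITY_RANK else None  # None means "unknown"


def may_attest(image_ref: str, occurrences: list[dict]) -> tuple[bool, list[str]]:
    """Return (ok, reasons). Attest only digest-pinned images at or below MEDIUM."""
    reasons = []
    if "@sha256:" not in image_ref:  # attestations are bound to a digest, not a tag
        reasons.append("image is not referenced by digest")
    for occ in occurrences:
        if occ.get("kind") != "VULNERABILITY":
            continue
        name = occ.get("noteName", "<unknown note>")
        sev = occurrence_severity(occ)
        if sev is None:
            reasons.append(f"{name}: severity unknown, failing closed")
        elif SEVERITY_RANK[sev] > SEVERITY_RANK[MAX_ALLOWED]:
            reasons.append(f"{name}: {sev} exceeds {MAX_ALLOWED}")
    return (not reasons, reasons)


# Constructed sample data (placeholder project, digest and note names).
SAMPLE_IMAGE = "us-docker.pkg.dev/example-project/apps/web@sha256:" + "0" * 64
SAMPLE_OCCURRENCES = [
    {"kind": "VULNERABILITY", "noteName": "notes/CVE-0000-0001", "vulnerability": {"cvssScore": 6.9}},
    {"kind": "VULNERABILITY", "noteName": "notes/CVE-0000-0002", "vulnerability": {"cvssScore": 7.5}},
    {"kind": "VULNERABILITY", "noteName": "notes/CVE-0000-0003", "vulnerability": {}},
]
```

With the sample data, the 6.9 finding passes, the 7.5 finding blocks the attestation, and the record with no severity blocks it as well because the gate fails closed.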