Topic 1 Question 295
Your organization heavily utilizes serverless applications while prioritizing security best practices. You are responsible for enforcing image provenance and compliance with security standards before deployment. You leverage Cloud Build as your continuous integration and continuous deployment (CI/CD) tool for building container images. You must configure Binary Authorization to ensure that only images built by your Cloud Build pipeline are deployed and that the images pass security standard compliance checks. What should you do?
A. Create a Binary Authorization attestor that uses a scanner to assess source code management repositories. Deploy images only if the attestor validates results against a security policy.
B. Create a Binary Authorization attestor that utilizes a scanner to evaluate container image build processes. Define a policy that requires deployment of images only if this attestation is present.
C. Create a Binary Authorization attestor that retrieves the Cloud Build build ID of the container image. Configure a policy to allow deployment only if there's a matching build ID attestation.
D. Utilize a custom Security Health Analytics module to create a policy. Enforce the policy through Binary Authorization to prevent deployment of images that do not meet predefined security standards.
Comments (5)
C - Image Provenance: By using the Cloud Build build ID as the attestation, you can directly link the deployed image to the specific build process that created it. This ensures that only images built by your trusted CI/CD pipeline are deployed. Security Standards Compliance: You can integrate security checks into your Cloud Build pipeline, such as vulnerability scanning or compliance audits. If an image fails these checks, the build process can be aborted, preventing the creation of a non-compliant image. Policy Enforcement: The Binary Authorization policy ensures that only images with the correct build ID attestation are deployed, effectively enforcing the security standards you've defined in your CI/CD pipeline.
👍 1 abdelrahman89 2024/10/04
Selected answer: C
I think it's C.
👍 1 json4u 2024/10/15
C:
Binary Authorization (overview) is a Google Cloud product that enforces deploy-time constraints on applications. Its Google Kubernetes Engine (GKE) integration allows users to enforce that containers deployed to a Kubernetes cluster are cryptographically signed by a trusted authority and verified by a Binary Authorization attestor. You can configure Binary Authorization to require attestations based on the location of the source code to prevent container images built from unauthorized source from being deployed.
👍 1 jmaquino 2024/10/30
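Added example, not part of the original question or comments: the attestation requirement the commenters describe, written as a Binary Authorization policy file with a permissive default rule beside one that requires an attestation. `PROJECT_ID` is a placeholder, and the attestor name `built-by-cloud-build` is an assumption here (the attestor Cloud Build provides for the images it builds); substitute the attestor your pipeline actually signs with.

```yaml
# Constructed example. PROJECT_ID is a placeholder.
# A policy file like this is applied with:
#   gcloud container binauthz policy import policy.yaml

# Weak: the default rule admits every image, regardless of what built it.
defaultAdmissionRule:
  evaluationMode: ALWAYS_ALLOW
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
globalPolicyEvaluationMode: ENABLE
name: projects/PROJECT_ID/policy
---
# Corrected: an image is admitted only if its digest carries an attestation
# from the attestor tied to the Cloud Build pipeline (assumed name below).
# If the pipeline aborts on a failed scan or compliance step, no image and
# no attestation are produced, so nothing reaches deployment.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  requireAttestationsBy:
  - projects/PROJECT_ID/attestors/built-by-cloud-build
globalPolicyEvaluationMode: ENABLE
name: projects/PROJECT_ID/policy
```

Setting `enforcementMode` to `DRYRUN_AUDIT_LOG_ONLY` first lets you review which deployments the rule would block before it is enforced.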