Design a solution infrastructure that meets technical requirements — GCP PCA Practice Question 41

How to approach this question

Identify the services for storing containers, signing them, and enforcing deployment policies.

Full Answer

Artifact Registry., Binary Authorization., Cloud KMS.

To secure a software supply chain on GCP: 1) Artifact Registry stores the images and runs vulnerability scans. 2) If the scan passes, a CI/CD tool uses a key from Cloud KMS to create a cryptographic signature (attestation). 3) Binary Authorization is configured on the GKE cluster to verify that signature before allowing the pod to start.

Common mistakes

Missing Cloud KMS, which is required to generate the asymmetric keys used for the Binary Authorization attestations.

You are designing a CI/CD pipeline using Cloud Build. You want to ensure that container images are only deployed to GKE if they have been scanned for vulnerabilities and signed by a trusted authority. Which THREE GCP services are required to implement this? (Select THREE)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 1

More questions from this exam