Medium · 1 mark · Multiple Choice

GCP PCA · Question 41 · Design a solution infrastructure that meets technical requirements

You are designing a CI/CD pipeline using Cloud Build. You want to ensure that container images are only deployed to GKE if they have been scanned for vulnerabilities and signed by a trusted authority. Which THREE GCP services are required to implement this? (Select THREE)

Answer options:

A. Artifact Registry.

B. Binary Authorization.

C. Cloud KMS.

D. Cloud Data Loss Prevention (DLP).

E. VPC Service Controls.

F. Secret Manager.

How to approach this question

Identify the services for storing containers, signing them, and enforcing deployment policies.

Full Answer

To secure a software supply chain on GCP:

1) Artifact Registry stores the images and runs vulnerability scans.
2) If the scan passes, a CI/CD tool uses a key from Cloud KMS to create a cryptographic signature (attestation).
3) Binary Authorization is configured on the GKE cluster to verify that signature before allowing the pod to start.

Common mistakes

Missing Cloud KMS, which is required to generate the asymmetric keys used for the Binary Authorization attestations.
