ExpertMedium1 markMultiple Choice
Domain 4: Analyzing and Optimizing Technical and Business ProcessesCI/CDSecurityBinary Authorization
GCP PCA · Question 31 · Domain 4: Analyzing and Optimizing Technical and Business Processes
To ensure software supply chain security, your CISO requires that only container images verified by the QA team can be deployed to the production GKE cluster. Which combination of services achieves this?
To ensure software supply chain security, your CISO requires that only container images verified by the QA team can be deployed to the production GKE cluster. Which combination of services achieves this?
Answer options:
A.
Cloud Source Repositories and Cloud Armor.
B.
Cloud Build, Artifact Registry, and Binary Authorization.
C.
Jenkins and Identity-Aware Proxy.
D.
Security Command Center and Cloud DLP.
How to approach this question
Identify the GCP service for container deployment enforcement.
Full Answer
B.Cloud Build, Artifact Registry, and Binary Authorization.✓ Correct
Cloud Build, Artifact Registry, and Binary Authorization.
Binary Authorization works with GKE to ensure only trusted, signed container images (attested by QA via Cloud Build/Artifact Registry) are deployed.
Common mistakes
Thinking IAM alone can prevent untrusted image deployment.
Practice the full GCP Professional Cloud Architect Practice Exam 2
50 questions · hints · full answers · grading
More questions from this exam
Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...HardQ04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy