Medium · 1 mark · Multiple Choice
Subtask 4.1: Technical Processes · Binary Authorization · GKE · DevSecOps · CI/CD

GCP PCA · Question 28 · Technical Processes

Your company is adopting a DevSecOps culture. The security team wants to ensure that only container images that have been built by the official CI/CD pipeline and scanned for vulnerabilities can be deployed to the production GKE cluster. How should you enforce this?

Answer options:

A.

Write a Kubernetes Mutating Admission Webhook to check the image registry URL before allowing the pod to start.

B.

Implement Binary Authorization on the GKE cluster and require attestations from Cloud Build and Container Analysis.

C.

Use IAM to restrict access to the GKE cluster so only the Cloud Build service account can run 'kubectl apply'.

D.

Enable Google Cloud Armor on the GKE ingress to block malicious traffic.

How to approach this question

Look for the GCP service designed specifically for container supply chain security and deploy-time enforcement.

Full Answer

B. Implement Binary Authorization on the GKE cluster and require attestations from Cloud Build and Container Analysis. ✓ Correct
Binary Authorization is a deploy-time control that provides software supply-chain security for containerized applications running on Google Cloud. It works with GKE to enforce a policy that requires images to carry attestations (signatures) from trusted attestors, such as the CI/CD pipeline (Cloud Build) and the vulnerability scanner (Container Analysis), before they can be deployed. If an image lacks the required attestations, Binary Authorization blocks the deployment.

Common mistakes

Assuming IAM restrictions (Option C) are enough. IAM controls who can deploy, but Binary Authorization controls WHAT can be deployed.

Practice the full GCP Professional Cloud Architect Practice Exam 7
