Google Cloud Professional Cloud Architect — Question 203
Your company is rapidly deploying containerized microservices on Google Kubernetes Engine (GKE) using a robust CI/CD pipeline. Security is a top priority, and you need to implement a comprehensive and efficient strategy to prevent container image vulnerabilities from reaching your GKE production environment. What should you do? (Choose two.)
Answer options
- A. Review the security reports generated by Artifact Analysis for each container image before deployment to GKE.
- B. Incorporate vulnerability scanning before building container images, and use Google-maintained base images for your container deployments.
- C. Enable Artifact Analysis for the container images, and stop deployment if critical vulnerabilities are found.
- D. Use a custom security policy within your container image that restricts access to specific network ports and resources.
- E. Enable Shielded GKE Nodes on the production cluster to automatically block the execution of container images with known vulnerabilities.
Correct answer: B, C
Explanation
Options B and C are correct because together they cover both ends of the image pipeline. Option B reduces what gets into an image in the first place: scanning dependencies before the build and starting from Google-maintained base images, which are minimal and patched regularly, leaves fewer vulnerable packages to find later. Option C catches what still gets through: with Artifact Analysis enabled, each image pushed to Artifact Registry is scanned and its vulnerability occurrences are recorded, and the pipeline can read those results and fail the build or block the deploy when a critical finding is present, so the vulnerable image never reaches the production cluster. Option A relies on a person reading each report, which neither scales with a rapid CI/CD pipeline nor enforces anything. Option D is a runtime restriction inside the container; it does not detect or remove vulnerable packages in the image. Option E misdescribes the feature: Shielded GKE Nodes verify node boot integrity (Secure Boot, vTPM, integrity monitoring); they do not inspect container images and cannot block images with known vulnerabilities.
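The enforcement step behind option C, as an added example that is not part of the original question and not Google's own tooling: a small gate script that a CI/CD step could run after the image has been pushed and scanned, feeding it the JSON from `gcloud artifacts docker images list-vulnerabilities IMAGE@sha256:DIGEST --format=json`. The field names it reads (`kind`, `noteName`, `vulnerability.effectiveSeverity`, `vulnerability.fixAvailable`, `vulnerability.packageIssue`) are assumed from that output shape; the embedded `SAMPLE` occurrences and their `CVE-EXAMPLE-*` note names are constructed for the demo and are not real findings.

```python
"""Vulnerability gate for a CI/CD pipeline step (added example, not Google code).

Reads the JSON printed by
  gcloud artifacts docker images list-vulnerabilities IMAGE@sha256:DIGEST --format=json
and exits non-zero when the image carries a vulnerability at or above the
configured severity, so the pipeline stops before the deploy step runs.
"""
import json
import sys

# Severity names used by Artifact Analysis occurrences, ordered for comparison.
SEVERITY_RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def severity_of(occurrence):
    """Prefer effectiveSeverity (the distro-adjusted rating) over the generic one."""
    vuln = occurrence.get("vulnerability", {})
    return vuln.get("effectiveSeverity") or vuln.get("severity") or "MINIMAL"


def blocking_findings(occurrences, threshold="CRITICAL", fixable_only=False):
    """Return the findings that should stop the pipeline.

    threshold:    lowest severity that blocks (e.g. "HIGH" blocks HIGH and CRITICAL).
    fixable_only: when True, ignore findings the distro has not yet patched,
                  which is a common policy so a build is never blocked by a
                  vulnerability nobody can fix yet.
    """
    limit = SEVERITY_RANK[threshold]
    findings = []
    for occ in occurrences:
        if occ.get("kind") != "VULNERABILITY":
            continue  # e.g. DISCOVERY or ATTESTATION occurrences
        sev = severity_of(occ)
        if SEVERITY_RANK.get(sev, 0) < limit:
            continue
        vuln = occ.get("vulnerability", {})
        fix_available = bool(vuln.get("fixAvailable", False))
        if fixable_only and not fix_available:
            continue
        findings.append({
            # noteName looks like projects/<provider>/notes/<CVE-ID>; keep the ID.
            "note": occ.get("noteName", "").rsplit("/", 1)[-1],
            "severity": sev,
            "fix_available": fix_available,
            "packages": [p.get("affectedPackage") for p in vuln.get("packageIssue", [])],
        })
    return findings


def gate(raw_json, threshold="CRITICAL", fixable_only=False):
    """Return (passed, findings) for the scan output given as a JSON string."""
    findings = blocking_findings(json.loads(raw_json), threshold, fixable_only)
    return (len(findings) == 0, findings)


# Constructed sample output in the list-vulnerabilities JSON shape (hypothetical
# CVE IDs and package names; not real findings).
SAMPLE = json.dumps([
    {
        "kind": "VULNERABILITY",
        "noteName": "projects/goog-vulnz/notes/CVE-EXAMPLE-0001",
        "vulnerability": {
            "severity": "CRITICAL", "effectiveSeverity": "CRITICAL",
            "fixAvailable": True,
            "packageIssue": [{"affectedPackage": "openssl", "fixedVersion": {"name": "3.0.2-0ubuntu1.15"}}],
        },
    },
    {
        "kind": "VULNERABILITY",
        "noteName": "projects/goog-vulnz/notes/CVE-EXAMPLE-0002",
        "vulnerability": {
            "severity": "CRITICAL", "effectiveSeverity": "HIGH",  # distro rates it lower
            "fixAvailable": False,
            "packageIssue": [{"affectedPackage": "libxml2"}],
        },
    },
    {
        "kind": "VULNERABILITY",
        "noteName": "projects/goog-vulnz/notes/CVE-EXAMPLE-0003",
        "vulnerability": {"severity": "LOW", "effectiveSeverity": "LOW", "fixAvailable": True,
                          "packageIssue": [{"affectedPackage": "tar"}]},
    },
])


def main(argv):
    """CLI: `python gate.py --demo` or `gcloud ... --format=json | python gate.py [THRESHOLD]`."""
    threshold = next((a for a in argv[1:] if a in SEVERITY_RANK), "CRITICAL")
    raw = SAMPLE if "--demo" in argv else sys.stdin.read()
    passed, findings = gate(raw, threshold, fixable_only="--fixable-only" in argv)
    for f in findings:
        print(f"BLOCK {f['severity']:<8} {f['note']} fix={f['fix_available']} pkgs={f['packages']}")
    print("gate:", "PASS" if passed else f"FAIL ({len(findings)} finding(s) at or above {threshold})")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a Cloud Build pipeline this would be one step between the push and the deploy; because the step exits 1 on a blocking finding, the build stops and the `kubectl apply` or rollout step for GKE is never reached. Gating on `effectiveSeverity` rather than `severity` follows the distro's own assessment, and `--fixable-only` is the usual compromise when a team does not want unfixable findings to freeze every release.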