Google Cloud Professional Cloud Developer — Question 131
You are a SaaS provider deploying dedicated blogging software to customers in your Google Kubernetes Engine (GKE) cluster. You want to configure a secure multi-tenant platform to ensure that each customer has access to only their own blog and can't affect the workloads of other customers. What should you do?
Answer options
- A. Enable Application-layer Secrets on the GKE cluster to protect the cluster.
- B. Deploy a namespace per tenant and use Network Policies in each blog deployment.
- C. Use GKE Audit Logging to identify malicious containers and delete them on discovery.
- D. Build a custom image of the blogging software and use Binary Authorization to prevent untrusted image deployments.
Correct answer: B
Explanation
The correct answer is B: deploying a namespace per tenant logically separates each tenant's resources, and Network Policies enforce communication rules, so tenants cannot interfere with each other's workloads. Options A, C, and D do not provide the tenant isolation required for a secure multi-tenant platform.