Google Cloud Professional Cloud Developer — Question 141
You are deploying a microservices application to Google Kubernetes Engine (GKE). The application will receive daily updates. You expect to deploy a large number of distinct containers that will run on the Linux operating system (OS). You want to be alerted to any known OS vulnerabilities in the new containers. You want to follow Google-recommended best practices. What should you do?
Answer options
- A. Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.
- B. Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.
- C. Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.
- D. Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.
Correct answer: B
Explanation
The correct answer is B: enable Container Analysis and upload new container images to Artifact Registry, which is the recommended approach for vulnerability scanning. With scanning enabled, images are scanned automatically when they are pushed to the registry, which suits a large number of distinct containers that are updated daily. Option A uses the gcloud CLI to trigger scans and does not mention Artifact Registry, so it is less suitable. Option C restricts the review to critical vulnerabilities only, which is insufficient for comprehensive security. Option D calls the REST API to trigger scans, but it also omits the best practice of using Artifact Registry.