Google Cloud Professional Cloud Developer — Question 219
Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?
Answer options
- A. Enable the Vulnerability scanning setting in the Container Registry.
- B. Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.
- C. Disallow the use of non-commercially supported base images in your development environment.
- D. Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.
Correct answer: A
Explanation
The correct answer is A: enabling the Vulnerability scanning setting in the Container Registry gives you an automated, managed way to scan images for CVEs without disrupting development workflows. Option B involves manual intervention and may slow down the process. Option C restricts flexibility by not allowing open-source images. Option D relies on manual review of Cloud Build outputs, which is less efficient than an automated scanning solution.