Google Cloud Professional Cloud Developer — Question 287
You use Cloud Build to build and test container images prior to deploying them to Cloud Run. Your images are stored in Artifact Registry. You need to ensure that only container images that have passed testing are deployed. You want to minimize operational overhead. What should you do?
Answer options
- A. Deploy a new revision to a Cloud Run service. Assign a tag that allows access to the revision at a specific URL without serving traffic. Test that revision again. Migrate the traffic to the Cloud Run service after you confirm that the new revision is performing as expected.
- B. Enable Binary Authorization on your Cloud Run service. Create an attestation if the container image has passed all tests. Configure Binary Authorization to allow only images with appropriate attestation to be deployed to the Cloud Run service.
- C. Create a GKE cluster. Verify that all tests have passed, and then deploy the image to the GKE cluster.
- D. Configure build provenance on your Cloud Build pipeline. Verify that all the tests have passed, and then deploy the image to a Cloud Run service.
Correct answer: B
Explanation
The correct answer is B because Binary Authorization enforces the requirement at deploy time: an attestation is created only when the container image has passed all tests, and the policy allows only images with that attestation to be deployed to the Cloud Run service. Option A does not enforce testing prior to deployment, because the revision is deployed first and tested afterwards. Option C requires additional infrastructure in the form of a GKE cluster, which increases operational overhead. Option D, while useful, does not provide the same level of enforcement as Binary Authorization.