Google Cloud Professional Cloud Developer — Question 290
You are migrating a containerized application to Cloud Run. You plan to use Cloud Build to build your container image and push it to Artifact Registry, and you plan to use Cloud Deploy to deploy the image to production. You need to ensure that only secure images are deployed to production. What should you do?
Answer options
- A. Use Cloud Armor in front of Cloud Run to protect the container image from threats.
- B. Use Artifact Analysis to scan the image for vulnerabilities. Use Cloud Key Management Service to encrypt the image to be deployed to production.
- C. Use Secret Manager to store the encrypted image. Deploy this image to production.
- D. Use Binary Authorization to enforce a policy that only allows images that have been signed with a trusted key to be deployed to production.
Correct answer: D
Explanation
The correct answer is D because Binary Authorization lets you enforce deployment policies based on image signatures, so only trusted images are deployed. Options A and C do not address the need for secure image deployment. Option B scans for vulnerabilities, but it does not provide a mechanism that enforces which images may be deployed to production.