Google Cloud Professional Cloud Developer — Question 335
You are responsible for improving the security of your Cloud Run services to protect these services against supply chain threats. You need to ensure that there are adequate security controls such as SLSA Level 3 builds for container images and non-falsifiable provenance for container images by using Google Cloud tools. What should you do?
Answer options
- A. Ask developers to build container images locally and ensure strict version controls by using Container Registry.
- B. Use Cloud Build to build container images. Configure a Binary Authorization policy on the Cloud Run job.
- C. Use Cloud Deploy to generate authenticated and non-falsifiable build provenance for container images.
- D. Use Cloud Build to build container images. Use Cloud Scheduler to automate delivery of your applications to a series of target environments in a defined sequence.
Correct answer: B
Explanation
The correct answer is B: using Cloud Build together with a Binary Authorization policy ensures that only verified builds are deployed to Cloud Run, which aligns with SLSA Level 3 requirements. Option A is incorrect because local builds do not provide the necessary security guarantees. Option C, while useful for provenance, does not address the need for Binary Authorization. Option D focuses on deployment automation rather than on securing the build process.