Google Cloud Professional Cloud DevOps Engineer — Question 16
You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?
Answer options
- A. Enable Cloud Security Scanner on the clusters.
- B. Enable Vulnerability Analysis on the Container Registry.
- C. Set up the Kubernetes Engine clusters as private clusters.
- D. Set up the Kubernetes Engine clusters with Binary Authorization.
Correct answer: D
Explanation
The correct answer is D. Binary Authorization enforces a deploy-time policy on the GKE clusters, so only images attested as built by your trusted CI/CD pipeline are admitted. Option A, Cloud Security Scanner, identifies vulnerabilities in your application but does not prevent untrusted images from being deployed. Option B, Vulnerability Analysis, identifies security issues in images but does not enforce deployment restrictions. Option C, private clusters, limits the clusters' network exposure but does not control which images are allowed for deployment.