Google Cloud Professional Cloud DevOps Engineer — Question 174
You receive a Cloud Monitoring alert indicating potential malicious activity on a node in your Google Kubernetes Engine (GKE) cluster. The alert suggests a possible compromised container running on that node. You need to isolate this node to prevent further compromise while investigating the issue. You also want to minimize disruption to applications running on the cluster. What should you do?
Answer options
- A. Taint the suspicious node to prevent Pods that have interacted with it from being scheduled on other nodes in the cluster
- B. Scale down the deployment associated with the compromised container to zero other nodes
- C. Restart the node to disrupt the malicious activity, and force all Pods to be restructured on other nodes.
- D. Cordon the node to prevent new Pods from being scheduled, then drain the node to safely remove existing Pods and reschedule them to other nodes.
Correct answer: D
Explanation
The correct answer is D because cordoning the node prevents new Pods from being scheduled on it, and draining it safely relocates existing Pods, minimizing disruption. Option A incorrectly suggests tainting, which doesn't effectively isolate the node. Option B would stop the deployment but doesn't address the compromised node directly. Option C may disrupt services unnecessarily by rebooting the node without ensuring safe relocation of Pods.