Google Cloud Professional Cloud DevOps Engineer — Question 179
You use Artifact Registry to store container images built with Cloud Build. You need to ensure that all existing and new images are continuously scanned for vulnerabilities. You also want to track who pushed each image to the registry. What should you do?
Answer options
- A. Configure Artifact Registry to automatically scan new images and periodically re-scan all images. Use Cloud Audit Logs to track image uploads and identify the user who pushed each image.
- B. Configure Artifact Registry to send vulnerability scan results to a Cloud Storage bucket. Use a separate script to parse results and notify a security team.
- C. Configure Artifact Registry to automatically re-scan images daily. Enable Cloud Audit Logs to track these scans, and use Logs Explorer to identify vulnerabilities.
- D. Configure Artifact Registry to automatically trigger vulnerability scans for new image tags, and view scan results. Use Cloud Audit Logs to track image tag creation events.
Correct answer: A
Explanation
Option A is correct because it ensures continuous scanning of both existing and new images while also using Cloud Audit Logs to track the user who uploaded each image. Options B and C do not provide a complete solution for tracking uploads, and option D focuses only on new image tags without addressing existing images or comprehensive tracking.