Google Cloud Professional Cloud DevOps Engineer — Question 50

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?

Answer options

• A. Configure the build system with protected branches that require pull request approval.
• B. Use an Admission Controller to verify that incoming requests originate from approved sources.
• C. Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.
• D. Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.

Correct answer: D

Explanation

Enabling binary authorization in the Kubernetes cluster allows you to enforce policies that require images to be signed by trusted sources before they can be deployed, ensuring that only approved changes go to production. The other options do provide security, but they do not specifically enforce the approval process for code changes in the way binary authorization does.