Google Cloud Professional Cloud DevOps Engineer — Question 59
Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?
Answer options
- A. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
- B. Configure the containers in the build pipeline to always update themselves before release.
- C. Reconfigure the existing operating system vulnerability software to exist inside the container.
- D. Implement static code analysis tooling against the Docker files used to create the containers.
Correct answer: A
Explanation
Option A is correct. Container Analysis (now branded Artifact Analysis) scans container images pushed to Artifact Registry and reports the Common Vulnerabilities and Exposures (CVEs) present in the OS packages those images contain, so every image that passes through the pipeline gets an inventory of known vulnerabilities, with severities, that the team can use to block or remediate a release; On-Demand Scanning extends the same check to images still inside a Cloud Build step, before they are pushed. Option B is wrong because an image that updates itself at release time is no longer the artifact that was built and tested, and self-updating produces no vulnerability report anyone can audit. Option C is wrong because VM vulnerability tooling assumes a long-lived host with an agent installed, while container vulnerabilities live in image layers that must be scanned at build or push time. Option D is wrong because static analysis of Dockerfiles catches misconfigurations in how an image is assembled, not the vulnerable packages the image actually pulls in, which is what the audit finding concerns.
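The following is an added example, not part of the original question or its explanation, of what the option A approach looks like as a pipeline gate: it runs an On-Demand Scanning scan with `gcloud`, lists the effective severity of each finding, and fails the step when any finding matches a blocking severity. The image URI, the severity policy and the `RUN_SCAN` guard are assumptions made for illustration; the `gcloud artifacts docker images scan` and `list-vulnerabilities` commands are the real ones (they need the `ondemandscanning.googleapis.com` API enabled in the project).

```shell
#!/bin/sh
# Added example: fail a build step on Container Analysis / On-Demand Scanning
# findings. IMAGE, FAIL_ON and RUN_SCAN are assumed values, not from the page.
set -eu

IMAGE="${IMAGE:-us-docker.pkg.dev/my-project/my-repo/app:latest}"  # assumed image URI
FAIL_ON="${FAIL_ON:-CRITICAL HIGH}"  # assumed policy: block on these severities

# Scan an image and print one effective severity per vulnerability occurrence.
# Requires gcloud with the On-Demand Scanning API enabled; the scan runs
# against the image in the registry (--remote), so no local pull is needed.
scan_severities() {
  scan_id=$(gcloud artifacts docker images scan "$1" --remote \
              --format='value(response.scan)')
  gcloud artifacts docker images list-vulnerabilities "$scan_id" \
    --format='value(vulnerability.effectiveSeverity)'
}

# Read severities from stdin and decide pass/fail against a space-separated
# policy. Pure shell so it can be tested offline on constructed input.
# Prints a one-line summary; returns non-zero when any finding is blocking,
# which under set -e aborts the pipeline step.
gate() {
  policy="$1"
  blocked=0
  total=0
  while IFS= read -r sev; do
    [ -z "$sev" ] && continue
    total=$((total + 1))
    for s in $policy; do
      if [ "$sev" = "$s" ]; then blocked=$((blocked + 1)); fi
    done
  done
  echo "vulnerabilities=$total blocking=$blocked"
  [ "$blocked" -eq 0 ]
}

# gcloud is only invoked when explicitly requested, so the file can be
# sourced or tested without cloud credentials.
if [ "${RUN_SCAN:-0}" = "1" ]; then
  scan_severities "$IMAGE" | gate "$FAIL_ON"
fi
```

Run it as a Cloud Build step with `RUN_SCAN=1` to stop the build before the image reaches production. Automatic scanning on push to Artifact Registry records the same findings as vulnerability occurrences without any pipeline change; the on-demand scan shown here is what lets the build fail before the image is pushed.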