Google Cloud Professional Cloud Security Engineer — Question 111
You run applications on Cloud Run. You already enabled Container Analysis for vulnerability scanning. However, you are concerned about the lack of control over the applications that are deployed. You must ensure that only trusted container images are deployed on Cloud Run.
What should you do? (Choose two.)
Answer options
- A. Enable Binary Authorization on the existing Cloud Run service.
- B. Set the organization policy constraint constraints/run.allowedBinaryAuthorizationPolicies to the list of allowed Binary Authorization policy names.
- C. Enable Binary Authorization on the existing Kubernetes cluster.
- D. Use Cloud Run breakglass to deploy an image that meets the Binary Authorization policy by default.
- E. Set the organization policy constraint constraints/compute.trustedImageProjects to the list of projects that contain the trusted container images.
Correct answer: A, B
Explanation
The correct answers are A and B. Enabling Binary Authorization on the Cloud Run service ensures that only approved container images can be deployed, and setting the organization policy constraint lets you specify which Binary Authorization policies are permitted. Options C and D are irrelevant because they pertain to Kubernetes and to temporary deployments, respectively. Option E, while related to trusted images, does not directly enforce the use of Binary Authorization for Cloud Run.