Google Cloud Professional Cloud Security Engineer — Question 114

A company is using Google Kubernetes Engine (GKE) with container images of a mission-critical application. The company wants to scan the images for known security issues and securely share the report with the security team without exposing them outside Google Cloud.

What should you do?

Answer options

• A. 1. Enable Container Threat Detection in the Security Command Center Premium tier. 2. Upgrade all clusters that are not on a supported version of GKE to the latest possible GKE version. 3. View and share the results from the Security Command Center.
• B. 1. Use an open source tool in Cloud Build to scan the images. 2. Upload reports to publicly accessible buckets in Cloud Storage by using gsutil. 3. Share the scan report link with your security department.
• C. 1. Enable vulnerability scanning in the Artifact Registry settings. 2. Use Cloud Build to build the images. 3. Push the images to the Artifact Registry for automatic scanning. 4. View the reports in the Artifact Registry.
• D. 1. Get a GitHub subscription. 2. Build the images in Cloud Build and store them in GitHub for automatic scanning. 3. Download the report from GitHub and share with the Security Team.

Correct answer: C

Explanation

The correct answer is C because it outlines a method to enable vulnerability scanning directly within the Artifact Registry, which is designed to work seamlessly with GKE. Options A and B do not provide a secure method for sharing results, while option D involves external services (GitHub) that could expose sensitive information.