Google Cloud Professional Cloud Security Engineer — Question 181
Your organization is building a real-time recommendation engine using ML models that process live user activity data stored in BigQuery and Cloud Storage. Each new model developed is saved to Artifact Registry. This new system deploys models to Google Kubernetes Engine, and uses Pub/Sub for message queues. Recent industry news have been reporting attacks exploiting ML model supply chains. You need to enhance the security in this serverless architecture, specifically against risks to the development and deployment pipeline. What should you do?
Answer options
- A. Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CVCD) pipeline.
- B. Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.
- C. Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.
- D. Develop strict firewall rules to limit external traffic to Cloud Run instances. Integrate intrusion detection systems (IDS) for real-time anomaly detection on Pub/Sub message flows.
Correct answer: A
Explanation
Option A is correct because enabling container image vulnerability scanning and enforcing Binary Authorization ensures that only verified and secure images are deployed, protecting the pipeline from malicious attacks. Option B, while it enhances data security, does not directly address the supply chain risk in the development and deployment pipeline. Option C focuses on limiting dependencies and key rotation, which is important but not specific to the pipeline security enhancement. Option D addresses traffic security but does not target the vulnerabilities in the model supply chain.