Google Cloud Professional Cloud Security Engineer — Question 193
Your organization deploys a large number of containerized applications on Google Kubernetes Engine (GKE). Node updates are currently applied manually. Audit findings show that a critical patch has not been installed due to a missed notification. You need to design a more reliable, cloud-first, and scalable process for node updates. What should you do?
Answer options
- A. Configure node auto-upgrades for node pools in the maintenance windows.
- B. Develop a custom script to continuously check for patch availability, download patches, and apply the patches across all components of the cluster.
- C. Migrate the cluster infrastructure to a self-managed Kubernetes environment for greater control over the patching process.
- D. Schedule a daily reboot for all nodes to automatically upgrade.
Correct answer: A
Explanation
The correct answer is A: configuring node auto-upgrades applies patches automatically during the designated maintenance windows, which reduces the risk of missed updates. Option B, while proactive, depends on manual scripting and does not guarantee timely updates. Option C adds complexity by migrating to a self-managed environment, which may not be necessary for effective patch management. Option D is not a reliable way to apply patches, because reboots do not ensure that the latest updates are installed.