Google Cloud Professional Cloud Security Engineer — Question 222

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

Answer options

• A. Ensure that the app does not run as PID 1.
• B. Package a single app as a container.
• C. Remove any unnecessary tools not needed by the app.
• D. Use public container images as a base image for the app.
• E. Use many container image layers to hide sensitive information.

Correct answer: B, C

Explanation

The correct answers are B and C because packaging a single app minimizes complexity and security risks, while removing unnecessary tools reduces the attack surface. Options A, D, and E are less relevant to building a secure container image directly, as they either focus on application behavior or use of base images rather than the core principles of minimizing included components.