Google Cloud Professional Cloud Security Engineer — Question 225

The InfoSec team has mandated that all new Cloud Run jobs and services in production must have Binary Authorization enabled. You need to enforce this requirement. What should you do?

Answer options

• A. Configure an organization policy to require Binary Authorization enforcement on images deployed to Cloud Run.
• B. Configure a Security Health Analytics (SHA) custom rule that prevents the execution of Cloud Run jobs and services without Binary Authorization.
• C. Ensure the Cloud Run admin role is not assigned to developers.
• D. Configure a Binary Authorization custom policy that is not editable by developers and auto-attaches to all Cloud Run jobs and services.

Correct answer: A

Explanation

The correct answer is A because configuring an organization policy is the most effective way to enforce Binary Authorization across all Cloud Run deployments. Option B, while it proposes a preventive measure, does not enforce the policy at the organizational level. Option C does not directly enforce Binary Authorization, and option D, while it suggests a useful approach, does not ensure that the policy is uniformly applied across the organization.