Google Cloud Professional Cloud Security Engineer — Question 258

A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?

Answer options

• A. Use Puppet or Chef to push out the patch to the running container.
• B. Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.
• C. Update the application code or apply a patch, build a new image, and redeploy it.
• D. Configure containers to automatically upgrade when the base image is available in Container Registry.

Correct answer: C

Explanation

The correct answer is C because the DevOps team needs to create a new container image that includes the patch and then redeploy it to ensure the application runs the updated version. Options A and D are incorrect as they do not involve rebuilding the container image, and option B does not address patching the application itself.