Google Cloud Professional Cloud Security Engineer — Question 29

A DevOps team will create a new container to run on Google Kubernetes Engine. As the application will be internet-facing, they want to minimize the attack surface of the container.
What should they do?

Answer options

• A. Use Cloud Build to build the container images.
• B. Build small containers using small base images.
• C. Delete non-used versions from Container Registry.
• D. Use a Continuous Delivery tool to deploy the application.

Correct answer: B

Explanation

Building small containers using small base images minimizes the attack surface by including only the essential components needed for the application, reducing potential vulnerabilities. Options A and D focus on the build and deployment processes rather than the container's size and security, while option C addresses image management but does not directly reduce the attack surface.