Google Professional Cloud Architect Exam - Topic 10 Question 2 Discussion

Actual exam question for Google's Professional Cloud Architect exam

Question #: 2
Topic #: 10

[All Professional Cloud Architect Questions]

Your company has an application running on a deployment in a GKE cluster. You have a separate cluster for development, staging and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do?

ACreate a Kubernetes admission controller to prevent the container from starting if it is not approved for usage in the given environment

BConfigure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment

CImplement a corporate policy to prevent teams from deploying Docker image to an environment unless the Docker image was tested in an earlier environment

DConfigure the binary authorization policies for the development, staging and production clusters. Create attestations as part of the continuous integration pipeline''

Show Suggested Answer

Suggested Answer: D

https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#binary-authorization

The most common Binary Authorization use cases involve attestations. An attestation certifies that a specific image has completed a previous stage, as described previously. You configure the Binary Authorization policy to verify the attestation before allowing the image to be deployed. At deploy time, instead of redoing activities that were completed in earlier stages, Binary Authorization only needs to verify the attestation. https://cloud.google.com/binary-authorization/docs/overview

by Nickolas at May 06, 2022, 01:12 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Daron

4 months ago

I like option A, but it might add extra overhead.

upvoted 0 times

...

Audry

4 months ago

Implementing a corporate policy sounds too rigid for our team.

upvoted 0 times

...

Kenny

4 months ago

Wait, can you really prevent deployments with an admission controller?

upvoted 0 times

...

Arlene

4 months ago

Totally agree, binary authorization is key!

upvoted 0 times

...

Rocco

5 months ago

I think option D is the best choice for security.

upvoted 0 times

...

Arlean

5 months ago

Implementing a corporate policy seems too manual. I feel like there should be a more automated way, like using admission controllers or binary authorization.

upvoted 0 times

...

Margot

5 months ago

I'm a bit confused about lifecycle hooks. I don't recall them being used for deployment approvals, but maybe I missed something in my notes.

upvoted 0 times

...

Chantell

5 months ago

I think option D sounds familiar; it might be related to binary authorization, which I practiced in a similar question about securing deployments.

upvoted 0 times

...

Jesusita

5 months ago

I remember studying about admission controllers, but I'm not entirely sure if they can enforce deployment policies effectively.

upvoted 0 times

...

Wilford

5 months ago

Hmm, I'm a bit unsure about the differences between these Citrix ADC features. I'll need to refresh my memory on when to use each one. Maybe I can find some examples in the course materials to help me decide.

upvoted 0 times

...

Ceola

5 months ago

This looks like a straightforward question about software model lifecycles. I'll carefully read through the options and select the one that best fits the question.

upvoted 0 times

...

Barney

5 months ago

I vaguely recall something about Types 0 and 9 but not sure if they apply here. Should we be looking at the standard ones instead?

upvoted 0 times

...