Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Architect (PR000213) Exam - Topic 10 Question 2 Discussion

Your company has an application running on a deployment in a GKE cluster. You have a separate cluster for development, staging and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do?
D) Configure the binary authorization policies for the development, staging and production clusters. Create attestations as part of the continuous integration pipeline''
A) Create a Kubernetes admission controller to prevent the container from starting if it is not approved for usage in the given environment
B) Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment
C) Implement a corporate policy to prevent teams from deploying Docker image to an environment unless the Docker image was tested in an earlier environment

Google Professional Cloud Architect (PR000213) Exam - Topic 10 Question 2 Discussion

Actual exam question for Google's Professional Cloud Architect (PR000213) exam
Question #: 2
Topic #: 10
[All Professional Cloud Architect (PR000213) Questions]

Your company has an application running on a deployment in a GKE cluster. You have a separate cluster for development, staging and production. You have discovered that the team is able to deploy a Docker image to the production cluster without first testing the deployment in development and then staging. You want to allow the team to have autonomy but want to prevent this from happening. You want a Google Cloud solution that can be implemented quickly with minimal effort. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#binary-authorization

The most common Binary Authorization use cases involve attestations. An attestation certifies that a specific image has completed a previous stage, as described previously. You configure the Binary Authorization policy to verify the attestation before allowing the image to be deployed. At deploy time, instead of redoing activities that were completed in earlier stages, Binary Authorization only needs to verify the attestation. https://cloud.google.com/binary-authorization/docs/overview


by Nickolas at May 06, 2022, 01:12 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect (PR000213) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Daron
7 months ago
I like option A, but it might add extra overhead.
upvoted 0 times
...
Audry
7 months ago
Implementing a corporate policy sounds too rigid for our team.
upvoted 0 times
...
Kenny
8 months ago
Wait, can you really prevent deployments with an admission controller?
upvoted 0 times
...
Arlene
8 months ago
Totally agree, binary authorization is key!
upvoted 0 times
...
Rocco
8 months ago
I think option D is the best choice for security.
upvoted 0 times
...
Arlean
8 months ago
Implementing a corporate policy seems too manual. I feel like there should be a more automated way, like using admission controllers or binary authorization.
upvoted 0 times
...
Margot
8 months ago
I'm a bit confused about lifecycle hooks. I don't recall them being used for deployment approvals, but maybe I missed something in my notes.
upvoted 0 times
...
Chantell
8 months ago
I think option D sounds familiar; it might be related to binary authorization, which I practiced in a similar question about securing deployments.
upvoted 0 times
...
Jesusita
8 months ago
I remember studying about admission controllers, but I'm not entirely sure if they can enforce deployment policies effectively.
upvoted 0 times
...
Wilford
8 months ago
Hmm, I'm a bit unsure about the differences between these Citrix ADC features. I'll need to refresh my memory on when to use each one. Maybe I can find some examples in the course materials to help me decide.
upvoted 0 times
...
Ceola
8 months ago
This looks like a straightforward question about software model lifecycles. I'll carefully read through the options and select the one that best fits the question.
upvoted 0 times
...
Barney
8 months ago
I vaguely recall something about Types 0 and 9 but not sure if they apply here. Should we be looking at the standard ones instead?
upvoted 0 times
...

Save Cancel