Google Professional Cloud DevOps Engineer Exam - Topic 12 Question 1 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam

Question #: 1
Topic #: 12

[All Professional Cloud DevOps Engineer Questions]

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?

AConfigure the build system with protected branches that require pull request approval.

BUse an Admission Controller to verify that incoming requests originate from approved sources.

CLeverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.

DEnable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.

Show Suggested Answer

Suggested Answer: A

by Lenna at May 08, 2022, 09:52 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Johna

4 months ago

Wait, can you really enforce all this with just one option?

upvoted 0 times

...

Alesia

4 months ago

B could add an extra layer of security, good idea!

upvoted 0 times

...

Florinda

4 months ago

D sounds interesting, but is it really necessary?

upvoted 0 times

...

Sunny

4 months ago

I think C is more effective for user access control.

upvoted 0 times

...

Aleta

5 months ago

A is a solid choice for ensuring code reviews.

upvoted 0 times

...

Salome

5 months ago

Option D rings a bell; binary authorization could be a strong way to enforce security in Kubernetes. I think we practiced a similar question about it, but I’m not completely confident on the details.

upvoted 0 times

...

Flo

5 months ago

I feel like RBAC (option C) is a solid choice too. We talked about it in relation to limiting access, but I’m not sure if it fully addresses the approval process.

upvoted 0 times

...

Shala

5 months ago

I'm not entirely sure, but I remember something about Admission Controllers from our last study session. They seem relevant for validating requests, but I wonder if they cover all scenarios.

upvoted 0 times

...

Wade

5 months ago

I think option A sounds familiar, like something we discussed about protecting branches in Git. It could help ensure that only approved changes get merged.

upvoted 0 times

...

Desmond

5 months ago

Hmm, I'm a bit confused by the options. I'll need to think through the key benefits of a WAN to determine the right answers.

upvoted 0 times

...

Jeannetta

5 months ago

This seems like a tricky question, but I think I can work through it. Let me think this through step-by-step.

upvoted 0 times

...

Truman

5 months ago

Hmm, this seems like a straightforward question about the types of Multi-KPI Alerts. I'll need to carefully review each option to determine which one is valid.

upvoted 0 times

...