Google Professional Cloud DevOps Engineer Exam - Topic 2 Question 104 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam

Question #: 104
Topic #: 2

[All Professional Cloud DevOps Engineer Questions]

Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team, while minimizing management overhead. What should you do?

AGrant the roles/artifactregistry. writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.

BUse Cloud Run to write and deploy a custom validator Enable an Eventarc trigger to perform validations when new images are uploaded.

CConfigure Kritis to run in your GKE clusters to enforce deploy-time security policies.

DConfigure Binary Authorization in your GKE clusters to enforce deploy-time security policies

Show Suggested Answer

Suggested Answer: D

by Ligia at Apr 10, 2026, 06:51 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Luis

4 days ago

I remember studying about Binary Authorization and how it helps enforce security policies at deployment time. It seems like a solid choice here.

upvoted 0 times

...