Google Professional Cloud DevOps Engineer Exam - Topic 8 Question 38 Discussion

Actual exam question for Google's Professional Cloud DevOps Engineer exam

Question #: 38
Topic #: 8

[All Professional Cloud DevOps Engineer Questions]

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

ASet up Container Analysis to scan and report Common Vulnerabilities and Exposures.

BConfigure the containers in the build pipeline to always update themselves before release.

CReconfigure the existing operating system vulnerability software to exist inside the container.

DImplement static code analysis tooling against the Docker files used to create the containers.

Show Suggested Answer

Suggested Answer: A

by Nobuko at May 09, 2022, 05:27 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud DevOps Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Beatriz

4 months ago

Wait, can containers really have that many vulnerabilities?

upvoted 0 times

...

Stephanie

4 months ago

D is smart, static analysis can catch issues early.

upvoted 0 times

...

Meaghan

4 months ago

C sounds like a bad idea, it won't work in containers.

upvoted 0 times

...

Darci

4 months ago

I think B is risky, auto-updating can break things.

upvoted 0 times

...

Minna

5 months ago

A is the way to go for scanning vulnerabilities!

upvoted 0 times

...

Paris

5 months ago

I recall that reconfiguring OS vulnerability tools inside containers, as in option C, might not be effective since they’re designed for VMs.

upvoted 0 times

...

Delmy

5 months ago

I think we practiced something similar where we talked about static code analysis. Option D sounds familiar, but I wonder if it’s enough on its own.

upvoted 0 times

...

Melissa

5 months ago

I'm not entirely sure, but I feel like just updating containers before release, like in option B, might not catch all vulnerabilities.

upvoted 0 times

...

Jade

5 months ago

I remember we discussed the importance of scanning for vulnerabilities in containers, so I think option A makes sense.

upvoted 0 times

...

Stefany

5 months ago

I've seen this permission used before, so I'm confident that option A is the correct answer. It allows the app to access information about the device's Wi-Fi network.

upvoted 0 times

...

Jesusa

5 months ago

I'm a bit confused by the code fragment. I'll need to analyze the relationships between the classes and interfaces to figure out the correct answer.

upvoted 0 times

...