Google Professional Cloud Security Engineer Exam - Topic 2 Question 104 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 104
Topic #: 2
[All Professional Cloud Security Engineer Questions]

Your organization is building a real-time recommendation engine using ML models that process live user activity data stored in BigQuery and Cloud Storage. Each new model developed is saved to Artifact Registry. This new system deploys models to Google Kubernetes Engine and uses Pub/Sub for message queues. Recent industry news has been reporting attacks exploiting ML model supply chains. You need to enhance the security in this serverless architecture, specifically against risks to the development and deployment pipeline. What should you do?

Suggested Answer: B

To enhance the security of a machine learning (ML) model supply chain, the controls have to cover both the development and the deployment pipeline: the artifacts that get built (the model-serving container images pushed to Artifact Registry) and the gate that decides what Google Kubernetes Engine is allowed to run.

Option A: Limiting external dependencies and rotating encryption keys are sound practices, but key rotation protects the user data at rest in BigQuery and Cloud Storage, not the build-and-deploy path. Neither control stops a tampered or vulnerable image from reaching the cluster, so this option does not directly address the ML model supply chain.

Option B: Container image vulnerability scanning (Artifact Analysis) during development and pre-deployment identifies known vulnerabilities in the images that package the models. Binary Authorization then enforces a deploy-time policy on GKE: only images that carry the required attestation (for example, one issued by the CI/CD pipeline after a clean scan) and are referenced by digest are admitted, and anything else is blocked and logged. This combination directly strengthens the ML model supply chain by validating the provenance and integrity of every container image before it runs.

Option C: Sanitizing training data and applying IAM role-based restrictions are important practices (they address data poisoning and unauthorized access), but they do not safeguard the deployment pipeline against a compromised or vulnerable container image.

Option D: Strict firewall rules and intrusion detection systems strengthen network security, but they do not address vulnerabilities inside the container images or the integrity of the deployment process.

Therefore, Option B is the most effective approach: it secures the development and deployment pipeline by ensuring that only scanned, attested container images are deployed in your environment.
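To make the Option B control flow concrete, here is an added example (written for this page, not code from Google or from the question) that models the two gates in Python: the CI-side decision to attest an image only when the vulnerability scan has no finding at or above a threshold, and the deploy-time admission decision that accepts an image only if it is referenced by digest and carries the required attestation (or matches an allowlist pattern). The attestor name `projects/PROJECT_ID/attestors/vuln-scan-passed`, the `HIGH` threshold, the image path and the scan findings are all assumed or constructed values. Real Binary Authorization verifies a PKIX or PGP signature over the image digest using the attestor's key; this model replaces that signature with a plain (attestor, digest) record so it runs offline. The allowlist check uses Python's `fnmatch`, whose `*` also matches `/`, which is looser than the `*`/`**` semantics of Binary Authorization's own name patterns.

```python
import fnmatch
import re
from dataclasses import dataclass, field

# Under an attestation rule an image must be referenced by digest: a tag such as
# :latest can be re-pointed at a different image after the scan and attestation.
DIGEST_RE = re.compile(r"^[^@\s]+@sha256:[0-9a-f]{64}$")

SEVERITY_RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class Policy:
    # Attestor resource name; PROJECT_ID and vuln-scan-passed are assumed names.
    required_attestor: str = "projects/PROJECT_ID/attestors/vuln-scan-passed"
    # Images exempt from the rule (glob patterns, like admissionWhitelistPatterns).
    exempt_patterns: list = field(default_factory=lambda: ["gke.gcr.io/*"])
    # Lowest severity that blocks attestation (assumed threshold).
    max_severity: str = "HIGH"


def should_attest(findings, policy):
    """CI-side gate run after the scan completes. findings is a list of
    (vulnerability_id, severity) pairs; returns (ok, blocking_ids)."""
    limit = SEVERITY_RANK[policy.max_severity]
    blocking = [vid for vid, sev in findings if SEVERITY_RANK[sev] >= limit]
    return len(blocking) == 0, blocking


def admission_decision(image_ref, attestations, policy):
    """Deploy-time decision as the GKE admission control would make it.
    attestations is a set of (attestor_name, digest) pairs standing in for the
    signatures Binary Authorization would verify against the attestor's key."""
    for pattern in policy.exempt_patterns:
        if fnmatch.fnmatch(image_ref, pattern):
            return True, "exempt by allowlist pattern"
    if not DIGEST_RE.match(image_ref):
        return False, "image must be referenced by digest, not by tag"
    digest = image_ref.split("@", 1)[1]
    if (policy.required_attestor, digest) in attestations:
        return True, "required attestation present"
    return False, f"no attestation from {policy.required_attestor}"


def render_policy_yaml(policy):
    """Policy in the shape accepted by `gcloud container binauthz policy import`."""
    lines = ["globalPolicyEvaluationMode: ENABLE", "admissionWhitelistPatterns:"]
    lines += [f"- namePattern: {p}" for p in policy.exempt_patterns]
    lines += [
        "defaultAdmissionRule:",
        "  evaluationMode: REQUIRE_ATTESTATION",
        "  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG",
        "  requireAttestationsBy:",
        f"  - {policy.required_attestor}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    policy = Policy()
    digest = "sha256:" + "ab" * 32  # constructed digest
    image = "us-docker.pkg.dev/PROJECT_ID/models/recommender@" + digest
    # Constructed scan results: a CRITICAL finding blocks attestation.
    ok, blocking = should_attest([("CVE-2024-0001", "CRITICAL")], policy)
    print("attest:", ok, blocking)
    attested = {(policy.required_attestor, digest)} if ok else set()
    print(admission_decision(image, attested, policy))
    print(admission_decision(image.rsplit("@", 1)[0] + ":latest", attested, policy))
    print(render_policy_yaml(policy))
```

The point the model makes is the one the explanation relies on: scanning alone only produces findings, and Binary Authorization alone only checks signatures, but wiring the attestation to a passing scan and enforcing it at admission means an unscanned, failed or tag-referenced image never reaches the cluster. In a real pipeline the `should_attest` step would be followed by creating the attestation with Cloud KMS-backed signing, and the YAML would be imported with `gcloud container binauthz policy import`.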


Container Scanning Overview

Binary Authorization Overview

Contribute your Thoughts:

Jerry
3 months ago
C is important too, but can we really sanitize all training data effectively?
upvoted 0 times
...
Viki
3 months ago
I agree, vulnerability scanning is crucial!
upvoted 0 times
...
Moon
4 months ago
Limiting dependencies is good, but B is definitely the way to go!
upvoted 0 times
...
Millie
4 months ago
Wait, are we really at risk of model supply chain attacks?
upvoted 0 times
...
Elliott
4 months ago
B seems like a solid choice for security.
upvoted 0 times
...
Hester
4 months ago
I’m leaning towards option B as well. The idea of enforcing Binary Authorization really stood out to me during our practice questions, especially for CI/CD pipelines.
upvoted 0 times
...
Lai
5 months ago
Option C sounds familiar; I recall we talked about data sanitization and IAM roles. But I wonder if that alone would cover all the risks mentioned in the question.
upvoted 0 times
...
Luisa
5 months ago
I think limiting external libraries is a good practice, but I feel like it might not be enough on its own. We need to think about the whole pipeline security.
upvoted 0 times
...
Emeline
5 months ago
I remember we discussed the importance of vulnerability scanning in our last study session. It seems like option B might be the right choice, but I'm not entirely sure.
upvoted 0 times
...
Glenn
5 months ago
Whoa, this is a lot to consider. Sanitizing training data and using IAM for authorization are important, but I'm not sure if that fully addresses the supply chain risks mentioned in the question. I'll need to think this through carefully.
upvoted 0 times
...
Lavera
5 months ago
Okay, I think I've got a handle on this. Enabling container image scanning and enforcing Binary Authorization seems like a solid way to secure the CI/CD pipeline. I'll make sure to highlight that in my answer.
upvoted 0 times
...
Minna
5 months ago
Hmm, this is a tricky one. I'm not entirely sure about the best approach, but limiting external dependencies and rotating encryption keys sounds like a good start to enhance security. I'll need to review the other options as well.
upvoted 0 times
...
Andrew
6 months ago
This question seems to cover a lot of different security considerations for the ML model development and deployment pipeline. I'll need to carefully read through the options and think about the key risks and mitigation strategies.
upvoted 0 times
...
Detra
8 months ago
Thoroughly sanitizing training data and using IAM for authorization are crucial too.
upvoted 0 times
...
Catarina
8 months ago
Option C is interesting, but sanitizing training data alone won't cut it. We need to secure the entire pipeline, from development to deployment.
upvoted 0 times
...
Virgie
8 months ago
Yes, that would help secure our CI/CD pipeline.
upvoted 0 times
...
Yuette
8 months ago
Haha, I'd love to see the firewall rules that can stop a determined hacker from breaking into a Pub/Sub queue. Option D is a bit overkill, don't you think?
upvoted 0 times
Malcolm
6 months ago
Yeah, security is always a top priority, especially when dealing with sensitive data in a serverless architecture.
upvoted 0 times
...
Kayleigh
6 months ago
Limiting external libraries and continuously rotating encryption keys could also help mitigate risks.
upvoted 0 times
...
Rosendo
6 months ago
True, it's important to consider all possible vulnerabilities and take necessary precautions.
upvoted 0 times
...
Kanisha
6 months ago
I agree, maybe a combination of options A and B would provide a good balance of security measures.
upvoted 0 times
...
Sarina
6 months ago
Option D does seem a bit extreme, but it's better to be safe than sorry.
upvoted 0 times
...
Becky
6 months ago
I agree, we should consider a combination of options to enhance security.
upvoted 0 times
...
Theodora
8 months ago
Option D might be overkill, but it's better to be safe than sorry.
upvoted 0 times
...
...
Aleta
8 months ago
I believe enabling container image vulnerability scanning and enforcing Binary Authorization is also important.
upvoted 0 times
...
Javier
8 months ago
I agree with Virgie. That sounds like a good security measure.
upvoted 0 times
...
Virgie
9 months ago
I think we should limit external libraries and rotate encryption keys.
upvoted 0 times
...
Quentin
9 months ago
I agree, option B is the most comprehensive solution to address the ML supply chain risks. Limiting dependencies and rotating keys are also good practices.
upvoted 0 times
Sharee
8 months ago
C) Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.
upvoted 0 times
...
Kimbery
8 months ago
A) Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.
upvoted 0 times
...
Elmira
8 months ago
B) Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CI/CD) pipeline.
upvoted 0 times
...
...
Ernest
9 months ago
Option B seems like the way to go. Scanning containers and enforcing authorization on image deployment is crucial for securing the ML pipeline.
upvoted 0 times
Alisha
8 months ago
A) Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.
upvoted 0 times
...
Kimi
8 months ago
C) Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.
upvoted 0 times
...
Carey
9 months ago
B) Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CI/CD) pipeline.
upvoted 0 times
...
...