Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test
A company has its applications running on a hardened Compute Engine. The company is considering moving to a containerized platform. There is a compliance requirement to use only hardened container images on the Google Kubernetes Engine clusters.
How can you enforce this requirement?
A. Use Firewall rules to restrict the images that can be used in the Project.
B. Use Access Context Manager to restrict the images that can be used in the Project.
C. Use VPC Service Controls control to restrict the images that can be used in the Project.
D. Use policy-based deployment control to restrict the images that can be used in the Project.
Answer: D
- Option A is incorrect. Firewall rules are used to restrict traffic at a network level.
- Option B is incorrect. Access Context Manager restricts traffic based on attributes such as country of origin.
- Option C is incorrect. VPC Security Controls is used to reduce the risk of data exfiltration.
- Option D is CORRECT. Binary Authorisation uses policy-based deployment controls to restrict the images that can be used by GKE clusters in a Project.
Reference:
Comments are closed, but trackbacks and pingbacks are open.