Exam4Training

What should you do?

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline.

What should you do?
A . Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
B . Configure the containers in the build pipeline to always update themselves before release.
C . Reconfigure the existing operating system vulnerability software to exist inside the container.
D . Implement static code analysis tooling against the Docker files used to create the containers.

Answer: D

Explanation:

https://cloud.google.com/binary-authorization

Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE) or Cloud Run. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.

Exit mobile version