Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval.
What should you do to enforce approvals?
A . Configure the build system with protected branches that require pull request approval.
B . Use an Admission Controller to verify that incoming requests originate from approved sources.
C . Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.
D . Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.
Answer: D
Explanation:
The keywords here is "developers or operators". Option A the operators could push images to production without approval (operators could touch the cluster directly and the cluster cannot do any action against them). Rest same as francisco_guerra.
Latest Professional Cloud DevOps Engineer Dumps Valid Version with 52 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund