Practice free →
HomeGCP Associate Cloud Engineercloudcomputinggcpsecurity › An organisation wants to enforce that only signe…

An organisation wants to enforce that only signed and approved container images can be deployed to GKE. Which Google Cloud product does this?

ABinary Authorization (with attestation policies on the container's image digest)
BCloud NAT (network egress filtering)
CCloud DNS query policies
DCloud Build (signing source repos)
Answer & Solution
Correct answer: A. Binary Authorization (with attestation policies on the container's image digest)
Binary Authorization sits in the GKE / Cloud Run deploy path and blocks deployment unless the image has the required attestations. Cloud Build builds artifacts, Cloud NAT routes traffic, DNS query policies aren't a deployment gate.
Solve this in the app — GCP Associate Cloud Engineer practice & 24k+ MCQs →
Related questions