Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?
A. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
B. Configure the containers in the build pipeline to always update themselves before release.
C. Reconfigure the existing operating system vulnerability software to exist inside the container.
D. Implement static code analysis tooling against the Docker files used to create the containers.
Disclaimer
This is a practice question. There is no guarantee that this question will appear in the certification exam.
Answer
A
Explanation
A. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
(To ensure the security and patch level of all code running through the pipeline, you should set up Container Analysis to scan and report Common Vulnerabilities and Exposures. Container Analysis is a service on GCP that allows you to scan and analyze container images for vulnerabilities, malware and other issues. This will help you identify vulnerabilities in your container images and take appropriate action to address them.
https://cloud.google.com/container-analysis/docs/container-analysis)
B. Configure the containers in the build pipeline to always update themselves before release.
C. Reconfigure the existing operating system vulnerability software to exist inside the container.
D. Implement static code analysis tooling against the Docker files used to create the containers.