Multiple Choice
You are building a product on top of Google Kubernetes Engine (GKE) . You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?
A) Use Binary Authorization and whitelist only the container images used by your customers' Pods.
B) Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
C) Create a GKE node pool with a sandbox type configured to gvisor . Add the parameter runtimeClassName: gviso r to the specification of your customers' Pods. Create a GKE node pool with a sandbox type configured to gvisor . Add the parameter runtimeClassName: gviso r to the specification of your customers' Pods.
D) Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.
Correct Answer:
Verified
Correct Answer:
Verified
Q42: You need to create a copy of
Q43: You are running an application on multiple
Q44: You have a project for your App
Q45: Users submit requests to a service that
Q46: You want to configure 10 Compute Engine
Q48: Your company wants to standardize the creation
Q49: A customer is running a critical payroll
Q50: Your company has a single sign-on (SSO)
Q51: You recently deployed a new version of
Q52: You created several resources in multiple Google