GCP Professional Cloud Architect Practice Question
A fintech company keeps its microservice source code in Cloud Source Repositories. Every merge to the main branch must automatically build container images, run unit tests, perform vulnerability scans, and then promote the same signed image through three environments: a GKE dev cluster, a Cloud Run UAT service (after manual approval), and a GKE production cluster with automatic rollback on failure. Operations wants a fully managed solution that requires the least custom scripting while providing release tracking and auditability. Which design best satisfies these requirements?
Configure a single Cloud Build trigger that builds, tests, scans, and sequentially deploys the image to each environment using kubectl and gcloud run deploy steps, referencing the latest tag in Artifact Registry.
Use a Cloud Build trigger to build, test, scan, and sign the image, store it in Artifact Registry, and then call Cloud Deploy to promote the signed image through a delivery pipeline that targets dev GKE, UAT Cloud Run (with an approval gate), and production GKE with automatic rollback enabled.
Have Cloud Build build and push images to Container Registry, then rely on a self-managed Spinnaker deployment running on GKE to promote releases to GKE and Cloud Run targets.
Replace Cloud Build with a Jenkins server on Compute Engine to run builds and scripts that deploy directly to GKE and Cloud Run, while storing images in Artifact Registry.
Using Cloud Build for the "build" stage and Cloud Deploy for the "release" stage cleanly separates concerns while relying only on managed GCP services. Cloud Build triggers on each merge, runs tests, scans, and pushes the image into Artifact Registry. The image is then signed so that Binary Authorization policies can protect the clusters. Cloud Build next invokes Cloud Deploy, which natively supports multi-target delivery pipelines to GKE and Cloud Run, configurable manual approval gates, and automatic rollback if health checks fail. The other options either lack managed release orchestration (Cloud Build alone), introduce self-hosted tooling that increases operational burden (Spinnaker or Jenkins), or fail to provide integrated gating and rollback features, so they do not meet the stated goals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Cloud Build in GCP?
Open an interactive chat with Bash
What is the role of Cloud Deploy in the release pipeline?
Open an interactive chat with Bash
What is Binary Authorization and how does it ensure security?
Open an interactive chat with Bash
What does Cloud Build do?
Open an interactive chat with Bash
What is Cloud Deploy, and how does it work?
Open an interactive chat with Bash
What is Artifact Registry and why is it used here?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Analyzing and optimizing technical and business processes
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .