GCP Professional Cloud Architect Practice Question
Developers at a financial-services firm push code for several microservices to GitHub Enterprise. Company policy requires that every container image be vulnerability-scanned before deployment. Operations wants a declarative release pipeline that automatically promotes releases from a staging GKE cluster to production, includes manual approval gates, supports automated rollback on failure, and demands minimal platform maintenance. Which Google Cloud-based design best satisfies all requirements?
Orchestrate the workflow in Cloud Composer: one DAG task runs docker build, a second task uploads to Artifact Registry, and subsequent tasks invoke Cloud Functions that execute kubectl commands after support engineers manually update the DAG to promote between environments.
Use Cloud Build with a GitHub trigger to build and push images, then add a build step that runs kubectl apply to deploy directly to the staging and production GKE clusters, relying on GKE rollout history for manual rollback if needed.
Run a self-hosted Jenkins pipeline on a dedicated GKE node pool to build images, store them in Container Registry, scan them with an open-source Clair server, and deploy with Helm charts to both clusters.
Trigger Cloud Build from GitHub Enterprise to build and test each commit, push the resulting image to Artifact Registry for automatic vulnerability scanning, then use Cloud Deploy with staged targets (staging → production) that include approval gates and built-in rollback to GKE.
Cloud Build can be triggered directly from GitHub Enterprise to compile, test, and build container images. Pushing those images to Artifact Registry automatically invokes Container Analysis vulnerability scanning, meeting the security mandate without extra tooling. Cloud Deploy consumes the image and a Skaffold-based manifest to create a release that is promoted through a staging and production delivery pipeline. Cloud Deploy natively supports approval gates between targets and can initiate rollback if a deployment fails a health check, all delivered as a fully managed service that minimizes operational overhead. The other options either lack native vulnerability scanning, do not provide managed approval/rollback capabilities, or require substantial self-managed infrastructure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Cloud Build integrate with GitHub Enterprise for automation?
Open an interactive chat with Bash
What features does Cloud Deploy offer for managing approval gates and rollbacks?
Open an interactive chat with Bash
Why is Artifact Registry preferred over Container Registry for vulnerability scanning?
Open an interactive chat with Bash
How does Artifact Registry's vulnerability scanning work?
Open an interactive chat with Bash
What is Cloud Deploy, and how does it support approval gates and rollback?
Open an interactive chat with Bash
What is the difference between Cloud Build and Jenkins for CI/CD pipelines?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Analyzing and optimizing technical and business processes
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .