GCP Professional Cloud Architect Practice Question
Your company is refactoring a monolith into several containerized microservices that will run on two regional Google Kubernetes Engine (GKE) production clusters. Compliance policy requires that only images that have successfully passed unit tests and vulnerability scans, and that carry a signed attestation, may be deployed. The development team also wants automated canary releases with automatic rollback if service-level objectives (SLOs) are violated. Which combination of Google Cloud services and features will satisfy these requirements while minimizing custom code?
Run Cloud Build to build and push images directly to Container Registry, then use an open-source Spinnaker installation on Compute Engine to deploy and manage rollouts, using a Kubernetes admission controller for gating.
Trigger Cloud Build for testing and scanning, push signed images to Artifact Registry with build provenance, enforce Binary Authorization on GKE, and use Cloud Deploy for canary rollout and automated rollback.
Use Jenkins on Compute Engine VMs for builds and tests, store images in Artifact Registry, and invoke kubectl apply from a Cloud Function on a Cloud Scheduler cron job to update both clusters.
Orchestrate builds with Cloud Composer calling Cloud Run jobs, store images in Artifact Registry, and deploy to GKE with Deployment Manager templates.
Cloud Build can be triggered by source changes to execute unit tests and vulnerability scans and then push the resulting container image into Artifact Registry, automatically generating build provenance metadata. Cloud Build can also create a verifiable attestation that the build passed required checks. Binary Authorization on the GKE clusters is configured to admit only images that carry the required attestation, ensuring policy compliance. Cloud Deploy natively consumes images from Artifact Registry and supports progressive delivery strategies such as canary releases with automated SLO-based rollback, eliminating the need to manage custom deployment tooling. The other options either omit signed attestations, lack native progressive rollout and rollback, or rely on self-managed tooling that increases operational overhead.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Binary Authorization in GKE?
Open an interactive chat with Bash
How does Cloud Deploy enable automated rollbacks?
Open an interactive chat with Bash
What are the benefits of using Artifact Registry for container images?
Open an interactive chat with Bash
What is Binary Authorization in Google Cloud?
Open an interactive chat with Bash
How does Cloud Build generate attestations for container images?
Open an interactive chat with Bash
What are canary releases and how does Cloud Deploy support them?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Analyzing and optimizing technical and business processes
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .