GCP Professional Cloud Architect Practice Question

Your organization has two GKE clusters in the same project: stg-cluster for feature testing and prod-cluster for customer traffic. Images are built by Cloud Build and pushed to Artifact Registry. Compliance requires prod-cluster to block any image that is not signed by Cloud Build, while stg-cluster must still run unsigned images but log any violations. You need the simplest solution with minimal long-term upkeep. What should you do?

  • Enable Binary Authorization only on prod-cluster with a policy that requires an attestation from Cloud Build; leave stg-cluster without Binary Authorization.

  • Create a Gatekeeper constraint template that validates image digests and apply it solely to prod-cluster, leaving stg-cluster unchanged.

  • Enable Binary Authorization on both clusters; set the policy to require a Cloud Build attestation and run in Log-only mode on stg-cluster but in Block and Audit mode on prod-cluster.

  • Restrict Artifact Registry so only prod-cluster's service account can pull images and isolate stg-cluster with VPC Service Controls.

GCP Professional Cloud Architect
Designing for security and compliance