GCP Professional Cloud Security Engineer Practice Question
Your organization builds container images with Cloud Build and stores them in Artifact Registry. Security requirements state that any image containing Critical or High-severity vulnerabilities must cause the CI pipeline to fail immediately, and all scan findings must be visible in Security Command Center for later review. Which solution best meets these requirements with minimal custom code?
Enable Artifact Registry vulnerability scanning, create a Binary Authorization policy that blocks images with High or Critical CVEs, and add a Cloud Build attestation step that signs only if the scan passes.
Enable vulnerability scanning on the repository and rely on Cloud Build's default build failure when Container Analysis reports Critical CVEs.
Run a custom gcloud step in Cloud Build that polls Container Analysis for scan results and exits with code 1 if any High-severity finding is returned.
Move the build to a Cloud Build private pool and enable Cloud IDS inline scanning to quarantine any images with Critical CVEs before the build finishes.
Enabling vulnerability scanning on the Artifact Registry repository causes every pushed image digest to be scanned automatically by Container Analysis. Scan occurrences are forwarded to Security Command Center, giving centralized visibility. By adding a vulnerability-based deployment rule in a Binary Authorization policy and referencing that policy from a Cloud Build build step that creates an attestation, the build will exit with a non-zero status when Critical or High vulnerabilities are found, which fails the pipeline without the need for custom scripts. Other options either lack automatic pipeline enforcement (enabling scans only) or require extensive custom logic (hand-rolled gcloud/Container Analysis polling). A private build pool does not influence vulnerability scanning behavior.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Artifact Registry vulnerability scanning?
Open an interactive chat with Bash
What is a Binary Authorization policy in GCP?
Open an interactive chat with Bash
How does Cloud Build interact with Security Command Center?
Open an interactive chat with Bash
What is Artifact Registry vulnerability scanning?
Open an interactive chat with Bash
What is Binary Authorization and how does it enforce secure deployments?
Open an interactive chat with Bash
What is Security Command Center and how does it help in vulnerability management?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .