Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your organization will enforce Binary Authorization so only container images that pass vulnerability scanning can run on production GKE clusters. Cloud Build already signs each image digest with an asymmetric Cloud KMS key, and the policy requires an attestation from an attestor named prod-vuln-scan. To finish configuring prod-vuln-scan so GKE can verify the CI/CD signatures at deployment, what must you add to the attestor?

  • The public key that corresponds to the private key the CI/CD pipeline uses to sign the image digest.

  • The Artifact Registry repository URI that hosts the image so the attestor can locate its layers.

  • The private key from Cloud KMS so Binary Authorization can decrypt the signature during deployment.

  • The Cloud Build trigger ID that built the image so Binary Authorization can look up its provenance.

GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot