You are building a product on top of Google Kubernetes Engine (GKE) . You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?
A) Use Binary Authorization and whitelist only the container images used by your customers' Pods.
B) Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
C) Create a GKE node pool with a sandbox type configured to gvisor . Add the parameter runtimeClassName: gviso r to the specification of your customers' Pods. Create a GKE node pool with a sandbox type configured to gvisor . Add the parameter runtimeClassName: gviso r to the specification of your customers' Pods.
D) Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.
Correct Answer:
Verified
Q144: A Solutions Architect must design a web
Q145: A customer is deploying a production portal
Q146: A photo-sharing website running on AWS allows
Q147: A Solutions Architect is reviewing an application
Q148: A company has a website running on
Q150: A Solutions Architect is designing a high-performance
Q151: A company has many applications on Amazon
Q152: Users submit requests to a service that
Q153: A website keeps a record of user
Q154: You built an application on Google Cloud
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents