🔥 3-day streak
Professional Cloud DevOps Engineer10 / 165
Question 10 of 165

Your team uses Cloud Build to build container images that are pushed to a Docker repository in Artifact Registry. After a recent incident, an engineer accidentally re-pushed a new image using an existing tag (v1.4.2) that had already been deployed to production, causing confusion about which binary was actually running. You need to guarantee that once a tagged image is published, that exact tag can never be overwritten by a later push, while still allowing new tags. What should you do?

Reviewed for accuracy · Report an issueNext question