🔥 3-day streak
Professional Cloud DevOps Engineer19 / 165
Question 19 of 165

Your platform team runs a Cloud Build pipeline that builds container images, pushes them to Artifact Registry, and then deploys to a GKE cluster via Cloud Deploy. A recent security audit found that a developer was able to manually deploy an image that had never passed through the official build pipeline. Leadership now requires that only images produced by your trusted Cloud Build pipeline can ever be deployed to the production GKE cluster, and that this rule is enforced at admission time regardless of who or what initiates the deployment. Which approach best satisfies this requirement?

Reviewed for accuracy · Report an issueNext question