🔥 3-day streak
Professional Cloud Security Engineer19 / 152
Question 19 of 152
Your organization enforces a Binary Authorization policy on a GKE cluster requiring attestations from your CI/CD pipeline. A security review reveals a concern: images that passed admission weeks ago may later be found to contain newly disclosed vulnerabilities, but they continue running in the cluster because the policy is only evaluated at Pod creation time. The security team wants ongoing assurance that running Pods still comply with the Binary Authorization policy, and to be alerted when they drift out of compliance, without blocking currently running workloads. What should you do?
Reviewed for accuracy · Report an issueNext question