Question 97:
You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?
Answer options:
A. Use Binary Authorization and whitelist only the container images used by your customers' Pods.
B. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
C. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
D. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.