A security engineer needs to ensure that all container images deployed to a GKE cluster are signed by a trusted authority. The organization uses Cloud KMS for key management and wants to enforce the policy at admission time. Which two components are essential to implement this requirement? (Choose two.)
Attestors are used to verify signatures; Cloud KMS keys provide cryptographic signing.
Why this answer
Binary Authorization requires attestors to verify image signatures and a policy that requires at least one attestation. Attestors use Cloud KMS keys for signing, and the policy is enforced at GKE admission time.