Oracle Exam 1Z0-1084-23 Topic 3 Question 36 Discussion

To mandate image verification when deploying container images to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) clusters, you should enable image verification policies separately for each OKE cluster. This is enforced at the cluster level. Enabling image verification policies at the cluster level ensures that all container images deployed to the OKE cluster are automatically verified against the specified master encryption key (MEK). This helps maintain the security and integrity of the deployed microservices by ensuring that only signed and trusted container images are used. Enabling image verification policies at the cluster level allows for consistent and centralized enforcement of the verification process across all nodes and node pools within the cluster. It provides a standardized approach to image verification for the entire cluster, simplifying management and ensuring compliance with the organization's mandate. Enabling image verification policies separately for each node pool or at the pod level would introduce complexity and potential inconsistencies in the verification process. Therefore, enforcing image verification at the cluster level is the recommended approach.