1. You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For
each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their
Pod. You want to maximize the isolation between your customers' Pods. What should you do?

  • A. Use Binary Authorization and whitelist only the container images used by your customers' Pods.
  • B. Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
  • C. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
  • D. Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers' Pods.

 

3. Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.