Your company is developing a web-based application. You need to make sure that production deployments are linked to source code commits and are fully auditable. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Make the container tag match the source code commit hash..
Why this is the answer
To ensure production deployments are linked to source code commits and are fully auditable, matching the container tag to the source code commit hash is the most effective method. This creates an immutable, direct, and verifiable link between the deployed artifact (the container image) and the exact code version used to build it. This practice is crucial for traceability, debugging, and compliance, as it allows you to precisely identify the source code that corresponds to any deployed instance. Tagging the code commit with date/time or adding a comment linking to the deployment are less reliable and easily forgeable or prone to human error, making auditing difficult. Tagging commits with "latest" is problematic because "latest" is a mutable tag that can point to different versions over time, breaking the immutable link required for auditing.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed