Google Professional Cloud Security Engineer Exam - Topic 3 Question 107 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 107
Topic #: 3

Your organization is using GitHub Actions as a continuous integration and delivery (CI/CD) platform. You must enable access to Google Cloud resources from the CI/CD pipelines in the most secure way.

What should you do?

Suggested Answer: D

Challenge:

Ensuring secure access to Google Cloud resources from GitHub Actions CI/CD pipelines without directly managing service account keys.

Workload Identity Federation:

Allows for the delegation of access to Google Cloud resources based on federated identities, such as those from GitHub.

Benefits:

This approach eliminates the need to manage service account keys, reducing the risk of key leakage.

It leverages GitHub's identity provider capabilities to authenticate and authorize access.

Steps to Configure Workload Identity Federation:

Step 1: Create a workload identity pool in Google Cloud.

Step 2: Add GitHub as an identity provider within the pool.

Step 3: Configure the necessary permissions and bindings for the identity pool to allow GitHub Actions to access Google Cloud resources.

Step 4: Update the GitHub Actions workflow to use the identity federation for authentication.
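
The four steps above as gcloud commands plus the workflow's authentication step. This is an added example, not part of the original explanation: every project, pool, provider, organization, repository and service account name is a constructed placeholder, and the attribute condition and per-repository binding are one assumed way to scope access.

```bash
# Added example. Every value below is a constructed placeholder; replace before use.
PROJECT_ID="example-project"
PROJECT_NUMBER="123456789012"
POOL_ID="github-pool"
PROVIDER_ID="github-provider"
GITHUB_ORG="example-org"
GITHUB_REPO="example-org/example-repo"
SA_EMAIL="ci-deployer@${PROJECT_ID}.iam.gserviceaccount.com"

pool_resource() {
  printf 'projects/%s/locations/global/workloadIdentityPools/%s' "$PROJECT_NUMBER" "$POOL_ID"
}
provider_resource() { printf '%s/providers/%s' "$(pool_resource)" "$PROVIDER_ID"; }
# Only tokens issued for workflows in this one repository may impersonate the service account.
repo_member() {
  printf 'principalSet://iam.googleapis.com/%s/attribute.repository/%s' "$(pool_resource)" "$GITHUB_REPO"
}
# Provider-level guard: reject tokens from any other GitHub organization.
attribute_condition() { printf "assertion.repository_owner == '%s'" "$GITHUB_ORG"; }

configure_wif() {
  # Step 1: workload identity pool
  gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location="global" --display-name="GitHub Actions"
  # Step 2: GitHub as an OIDC provider in the pool
  gcloud iam workload-identity-pools providers create-oidc "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location="global" --workload-identity-pool="$POOL_ID" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="$(attribute_condition)"
  # Step 3: let the repository's identities impersonate the service account
  gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" --role="roles/iam.workloadIdentityUser" --member="$(repo_member)"
}
# Step 4: job-level YAML for the workflow; no key is stored in GitHub.
workflow_auth_step() {
  cat <<EOF
permissions:
  id-token: write   # lets the job request a GitHub OIDC token
  contents: read
steps:
  - uses: google-github-actions/auth@v2
    with:
      workload_identity_provider: $(provider_resource)
      service_account: ${SA_EMAIL}
EOF
}

if [ "${WIF_APPLY:-}" = "1" ]; then configure_wif; else workflow_auth_step; fi
```

Run with WIF_APPLY=1 from an authenticated gcloud session to create the resources; without it the script only prints the workflow fragment.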


Workload Identity Federation

Configuring Workload Identity Federation with GitHub

Eve
2 months ago
Totally agree with D, it’s the best practice for security!
upvoted 0 times
...
Marjory
2 months ago
Wait, why would we use a service account key? Seems risky.
upvoted 0 times
...
Magdalene
2 months ago
I think C is a solid choice too.
upvoted 0 times
...
Annice
3 months ago
I’m not sure about Workload Identity, is it really that reliable?
upvoted 0 times
...
Idella
3 months ago
Option D is the most secure way to handle this!
upvoted 0 times
...
Kris
3 months ago
I’m leaning towards option C, but I’m not entirely clear on how Kubernetes integrates with GitHub Actions for credential management.
upvoted 0 times
...
Lemuel
3 months ago
I feel like option D sounds right, but I’m a bit confused about how identity federation works with GitHub.
upvoted 0 times
...
Nakita
4 months ago
I think we practiced a similar question where using Workload Identity was highlighted as a more secure option.
upvoted 0 times
...
In
4 months ago
I remember discussing service accounts in class, but I’m not sure if creating a key is the best practice for security.
upvoted 0 times
...
Twana
4 months ago
The Kubernetes Engine option sounds interesting, but I'm not as familiar with that service. I'll need to make sure I understand how it integrates with GitHub Actions.
upvoted 0 times
...
Jose
4 months ago
I'm a bit unsure about the differences between the Workload Identity and identity federation options. I'll need to read the question more closely.
upvoted 0 times
...
Justa
4 months ago
Okay, Workload Identity and identity federation seem like more secure approaches. I'll need to research how those work with GitHub Actions.
upvoted 0 times
...
Nicolette
4 months ago
Hmm, adding a service account key to the pipeline config or repo seems risky - that could expose the credentials. I'll need to explore the other options.
upvoted 0 times
...
Joesph
5 months ago
This looks like a security-focused question, so I'll need to think carefully about the implications of each option.
upvoted 0 times
...
Pete
5 months ago
But wouldn't adding the service account key to the GitHub pipeline configuration file provide more control and security?
upvoted 0 times
...
Kerry
5 months ago
Option D is the way to go! Workload identity federation is the most secure way to access Google Cloud resources from GitHub Actions.
upvoted 0 times
...
Ardella
6 months ago
I disagree, I believe option B is better as it keeps the service account key within the GitHub repository.
upvoted 0 times
...
Pete
6 months ago
I think option A is the best choice because it allows for secure access to Google Cloud resources.
upvoted 0 times
...