Google Professional Cloud Security Engineer Exam - Topic 1 Question 116 Discussion

Your organization is using GitHub Actions as a continuous integration and delivery (CI/CD) platform. You must enable access to Google Cloud resources from the CI/CD pipelines in the most secure way. What should you do?
D) Configure workload identity federation to use GitHub as an identity pool provider.
A) Create a service account key and add it to the GitHub pipeline configuration file.
B) Create a service account key and add it to the GitHub repository content.
C) Configure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 116
Topic #: 1

Suggested Answer: D

Challenge:

Ensuring secure access to Google Cloud resources from GitHub Actions CI/CD pipelines without directly managing service account keys.

Workload Identity Federation:

Allows for the delegation of access to Google Cloud resources based on federated identities, such as those from GitHub.

Benefits:

This approach eliminates the need to manage service account keys, reducing the risk of key leakage.

It leverages GitHub's identity provider capabilities to authenticate and authorize access.

Steps to Configure Workload Identity Federation:

Step 1: Create a workload identity pool in Google Cloud.

Step 2: Add GitHub as an identity provider within the pool.

Step 3: Configure the necessary permissions and bindings for the identity pool to allow GitHub Actions to access Google Cloud resources.

Step 4: Update the GitHub Actions workflow to use the identity federation for authentication.
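The four steps above as gcloud commands, in an added example that is not part of the original page. The project, pool, provider, repository and service account names are placeholders, and the script only prints the commands unless `APPLY=1` is set.

```shell
# Added example: steps 1-3 as gcloud commands. Every value below is a placeholder.
PROJECT_ID="${PROJECT_ID:-example-project}"
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
POOL="${POOL:-github-pool}"               # hypothetical pool name
PROVIDER="${PROVIDER:-github-provider}"   # hypothetical provider name
REPO="${REPO:-example-org/example-repo}"  # placeholder owner/repo
SA_EMAIL="${SA_EMAIL:-ci-deployer@${PROJECT_ID}.iam.gserviceaccount.com}"

# Dry run by default: print each command. Set APPLY=1 to execute.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "+ $*"; fi; }

# principalSet that matches only tokens whose mapped repository attribute is $3.
wif_member() {
  echo "principalSet://iam.googleapis.com/projects/$1/locations/global/workloadIdentityPools/$2/attribute.repository/$3"
}

# Full provider resource name that the workflow passes to the auth step.
wif_provider_name() {
  echo "projects/$1/locations/global/workloadIdentityPools/$2/providers/$3"
}

configure_wif() {
  # Step 1: create the workload identity pool.
  run gcloud iam workload-identity-pools create "$POOL" \
    --project="$PROJECT_ID" --location=global --display-name="GitHub Actions"
  # Step 2: add GitHub's OIDC issuer as a provider. The condition rejects
  # tokens issued for repositories outside the expected owner.
  run gcloud iam workload-identity-pools providers create-oidc "$PROVIDER" \
    --project="$PROJECT_ID" --location=global --workload-identity-pool="$POOL" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="assertion.repository_owner == '${REPO%%/*}'"
  # Step 3: allow only this repository to impersonate the service account.
  run gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" --role="roles/iam.workloadIdentityUser" \
    --member="$(wif_member "$PROJECT_NUMBER" "$POOL" "$REPO")"
  # Step 4: the workflow job needs "permissions: id-token: write" and passes
  # these two values to the google-github-actions/auth action.
  echo "workload_identity_provider: $(wif_provider_name "$PROJECT_NUMBER" "$POOL" "$PROVIDER")"
  echo "service_account: $SA_EMAIL"
}

configure_wif
```

Binding on `attribute.repository` rather than on the whole pool keeps other repositories that can obtain GitHub OIDC tokens from impersonating the service account.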



Stephaine
28 days ago
I'm not entirely sure, but I feel like using Workload Identity with GKE might be more complex than just setting up a service account.
upvoted 0 times
Gearldine
1 month ago
I think workload identity federation was mentioned in a practice question. It sounds like a secure way to manage access without exposing keys.
upvoted 0 times
Dick
1 month ago
I remember we discussed the importance of not hardcoding credentials in CI/CD pipelines, so options A and B seem risky.
upvoted 0 times