Google Exam Professional Cloud Security Engineer Topic 1 Question 64 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 64
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your organization is using GitHub Actions as a continuous integration and delivery (Cl/CD) platform. You must enable access to Google Cloud resources from the Cl/CD pipelines in the most secure way.

What should you do?

ACreate a service account key and add it to the GitHub pipeline configuration file.

BCreate a service account key and add it to the GitHub repository content.

CConfigure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.

DConfigure workload identity federation to use GitHub as an identity pool provider.

Show Suggested Answer

Suggested Answer: B

by Glory at Apr 23, 2023, 08:37 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Felicidad

17 days ago

Option C with a GKE cluster and Workload Identity is also a good choice. But if I had to pick one, I'd go with D. Gotta keep those cloud credentials secure, ya know?

upvoted 0 times

Yan

2 days ago

A) Create a service account key and add it to the GitHub pipeline configuration file.

upvoted 0 times

...

Pamella

19 days ago

Haha, storing a service account key in the repo? That's like leaving your house keys under the doormat. Option D is the clear winner here.

upvoted 0 times

...

I agree, option D is the way to go. Workload identity federation is the recommended approach for this use case. Storing sensitive service account keys in the pipeline config or repository is a big no-no.

upvoted 0 times

...

Janey

27 days ago

Option D seems like the most secure way to enable access to Google Cloud resources from the CI/CD pipelines. Using workload identity federation to integrate GitHub as an identity provider is a best practice.

upvoted 0 times

...