GCP Professional Cloud Security Engineer Practice Question
Your organization is tightening identity controls for a new deployment pipeline. One stage runs entirely in GitHub Actions and must push container images to Artifact Registry in a Google Cloud project. Other stages are performed by engineers who log into the Google Cloud console with their workforce identities. To minimize the attack surface and follow Google Cloud guidance, which stage definitively requires a Google Cloud service account to obtain credentials?
The GitHub Actions workflow that pushes images to Artifact Registry.
All stages should authenticate with the same shared service account.
Engineers logging into the Google Cloud console to view logs.
Engineers logging into the Google Cloud console to update IAM policies.
GitHub Actions executes outside of Google Cloud and is a non-human workload. Google recommends authenticating such external workloads with a Google Cloud service account, typically through Workload Identity Federation, so that the workflow can obtain short-lived tokens without storing long-lived keys. Human engineers working in the console should authenticate with their own user identities protected by MFA, not a shared service account. Therefore, only the GitHub Actions stage must be configured to use a service account.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Workload Identity Federation?
Open an interactive chat with Bash
Why are service accounts recommended for non-human workloads?
Open an interactive chat with Bash
Why should engineers authenticate with workforce identities instead of a shared service account?
Open an interactive chat with Bash
What is Workload Identity Federation in Google Cloud?
Open an interactive chat with Bash
Why can't engineers use a shared service account to authenticate in Google Cloud?
Open an interactive chat with Bash
How does GitHub Actions securely authenticate to Artifact Registry using service accounts?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .