About This Domain
Domain 5 — Secure and Optimize Automation — accounts for 10–15% of the GH-ACTIONS certification exam. This domain evaluates your understanding of OIDC tokens for cloud federation (eliminating long-lived credentials), the GITHUB_TOKEN lifecycle and least-privilege permissions, script injection prevention and input sanitization, and related concepts. It covers security hardening and performance optimization.
What You'll Be Tested On
- OIDC token for cloud federation (eliminate long-lived credentials)
- GITHUB_TOKEN lifecycle and least-privilege permissions
- Script injection prevention and input sanitization
- Pinning actions to full commit SHAs
- Artifact attestations and SLSA provenance
Key GitHub Features in This Domain
Study Strategy for Domain 5
While 10–15% might seem like a smaller portion, every point counts toward the passing score.
Exam Tips for Domain 5
Use OIDC over long-lived secrets. Pin third-party actions to commit SHAs, not floating tags.
Frequently Asked Questions
How many questions come from Domain 5?
Domain 5 (Secure and Optimize Automation) makes up 10–15% of the GH-ACTIONS exam.
What should I focus on for Domain 5?
Key features include Security.
How should I prepare for Secure and Optimize Automation questions?
Review key topics, then practice with domain-specific questions focusing on real-world scenarios.
What's the best order to study GH-ACTIONS domains?
Start with the highest-weighted domains: Author and Manage Workflows (20–25%), Consume and Troubleshoot Workflows (15–20%), Author and Maintain Actions (15–20%), Manage GitHub Actions for the Enterprise (20–25%), Secure and Optimize Automation (10–15%).