
Answer-first summary for fast verification
Answer: Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.
To ensure that only builds that have passed the load test are deployed to production in a Google Kubernetes Engine (GKE) environment using Binary Authorization, Google's recommended practice is to create an attestation for each build that passes the load test. The attestation should be signed with a private key stored in Cloud Key Management Service (Cloud KMS), with the signer authenticated through Workload Identity. This keeps the attestation process both secure and automated, with no manual intervention by individuals such as the lead quality assurance engineer.
Options A and D involve manual steps, which are not recommended for automation purposes. Option B also uses a key stored in Cloud KMS, but it relies on a service account JSON key stored as a Kubernetes Secret, which is less secure and less recommended than using Workload Identity for authentication. Therefore, the correct answer is C, as it aligns with Google's recommended practices for security and automation in CI/CD pipelines.
Author: LeetQuiz Editorial Team
How should you configure a CI/CD pipeline on Google Cloud to automatically load-test builds in a pre-production GKE environment and ensure only passing builds are deployed to production, following Google-recommended practices with Binary Authorization?
A. Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.
B. Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.
C. Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.
D. Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).