Google Cloud Certification Workshop:
Professional Cloud Security Engineer

 

Google Cloud Certification Training Description

This workshop is designed to help IT professionals prepare for the Google Professional Cloud Security Engineer certification exam. In this workshop, we review the exam guidelines and cover the main topics you may be tested on.  

The Professional Cloud Security Engineer exam assesses your ability to design and implement a secure infrastructure on Google Cloud Platform. The exam, and hence this course, covers many aspects of cloud security, including identity and access management, defining organizational structure and policies, using Google technologies to provide data protection, configuring network security defenses, collecting and analyzing Google Cloud Platform logs, managing incident responses, and understanding regulatory concerns.

Learning Objectives

  • Prepare for the Google Professional Cloud Security Engineer certification exam
  • Configure access within a cloud solution environment
  • Configure network security
  • Ensure data protection
  • Manage operations within a cloud solution environment
  • Ensure compliance

Prerequisites

This workshop assumes prior knowledge of Google Cloud Platform (GCP) and is not an introduction to GCP. We strongly recommend taking the Architecting with Google Cloud Platform: Infrastructure and Security in Google Cloud Platform courses prior to attending this workshop.


Prior to taking the Professional Cloud Security Engineer certification exam, students must have experience developing applications and services that run on Google Cloud Platform. The exam tests ability in all aspects of cloud security, including identity and access management, defining organizational structure and policies, using Google technologies to provide data protection, configuring network security defenses, collecting and analyzing Google Cloud Platform logs, managing incident responses, and understanding regulatory concerns.

Practice Quizzes and Hands-On Exercises

This workshop includes instructor lecture, demos, labs, practice quizzes, and links to recommended study materials, videos, and tutorials. Homework assignments are also included to help students further prepare for the exam.


Course Outline

 

Module 1: Professional Cloud Security Engineer Certification Overview

  • Exam Overview and Expectations
    • What You are Tested On
    • Exam Format
    • Registering for the Exam

Module 2: Identity and Access Management

  • Google Cloud Identity
    • Centrally Manage Users and Groups
    • Google Admin Console
    • Configuring Google Cloud Directory Sync (GCDS)
    • Google Authentication vs. SAML-based SSO
    • Configuring and Enforcing Two-factor Authentication
    • Setting Password Policy for User Accounts
    • Cloud Identity Best Practices
  • Cloud IAM
    • Managing User Access at the Project and Organization Level
    • Leveraging Primitive, Predefined, and Custom Roles
    • Creating, Authorizing, and Securing Service Accounts
    • Managing Service Accounts and Keys
    • Rotating User-managed Service Account Keys
  • Managing Resource Hierarchy
    • Using Resource Hierarchy for Access Control and Permissions Inheritance
    • Creating and Managing Organizations
    • Resource Structures (orgs, folders, projects, and resources)
    • Defining and Managing Organization Constraints
  • Exam Prep
    • Quiz

Module 3: Network Security

  • Network Design
    • VPCs and Subnets
    • Private vs. Public Addresses
    • DNSSEC
  • Controlling Network Access
    • Firewall Rules
    • Routes
    • Cloud IAP
    • Cloud Interconnect
  • Mitigating DDoS
    • Load Balancing
    • Cloud Armor
  • Connecting Networks
    • VPNs
    • VPC Peering
    • Shared VPCs
    • Accessing Google APIs from Private IPs
  • Exam Prep
    • Quiz

Module 4: Data Security

  • Encryption at Rest
    • Envelope Encryption
    • GCP Default Encryption at Rest
    • Customer-managed Encryption Keys (CMEK)
    • Customer-supplied Encryption Keys (CSEK)
    • Managing Keys in Google’s KMS
    • Key Protection Levels: Software vs. HSM
    • Managing Application Secrets
  • Managing Storage Buckets
    • Understanding Google Cloud Storage IAM Permissions and ACLs
    • Managing Cloud Storage Object Lifecycle
  • Data Loss Prevention
    • Identifying Sensitive or PII Data
    • Defining Custom Info Types
    • Redacting Data from Various File Formats
    • Using Tokenization and Format Preserving Substitution
  • Exam Prep
    • Quiz

Module 5: Managing Operations

  • Application Security
    • Cloud Security Scanner
    • Static Code Analysis
    • Automate Security Scanning with a CI/CD Pipeline
    • Hardening Virtual Machines
    • Creating and Maintaining Container Images
    • Monitoring Application Logs
    • Backup and Data Loss Strategy
  • Stackdriver Logging and Monitoring
    • Cloud Audit Logging
    • Installing Logging and Monitoring Agents in AWS and GCP
    • Integrating Monitoring, Logging, and Diagnostics
    • Exporting Logs for Near Real-time Monitoring and Long-term Storage
    • Monitoring for Security Events
    • Detect Violations of Policies at Scale with Forseti
  • Exam Prep
    • Quiz

Module 6: Compliance

  • Legal and Regulatory Compliance in the Cloud
    • Regulatory Concerns
    • PCI-DSS
    • Determining which Compute Environment is Appropriate Based on Company Compliance Standards  
  • Security Shared Responsibility Model
    • Guarantees and Constraints for Each Compute Environment (Compute Engine, Kubernetes Engine, App Engine)
    • Limiting Compute and Data for Regulatory Compliance
  • Exam Prep
    • Quiz