Module 1) Foundations of Google Cloud Security
- Introduction to Google Cloud Operations Suite
- Explain the shared security responsibility model of Google Cloud.
- Describe how Google Cloud approaches security.
- Recognize threats mitigated by Google and Google Cloud.
- Identify Google Cloud’s commitments to regulatory compliance.
Module 2) Securing Access to Google Cloud
- Describe what Cloud Identity is and what it does.
- Explain how Google Cloud Directory Sync securely syncs users and permissions between your on-premises LDAP or AD server and the cloud.
- Explore and apply best practices for managing groups, permissions, domains, and administrators with Cloud Identity.
Module 3) Identity and Access Management (IAM)
- Identify IAM roles and permissions that can be used to organize resources in Google Cloud.
- Explain the management-related features of Google Cloud projects.
- Define IAM policies, including organization policies.
- Implement access control with IAM.
- Provide access to Google Cloud resources by using predefined and custom IAM roles.
Module 4) Configuring Virtual Private Cloud for Isolation and Security
- Describe the function of VPC networks.
- Recognize and implement best practices for configuring VPC firewalls (both ingress and egress rules).
- Secure projects with VPC Service Controls.
- Apply SSL policies to load balancers.
- Enable VPC flow logging, and then use Cloud Logging to access logs.
- Deploy Cloud IDS, and view threat details in the Google Cloud console.
Module 5) Securing Compute Engine: Techniques and Best Practices
- Create and manage service accounts for Compute Engine instances (default and customer-defined).
- Detail IAM roles and scopes for VMs.
- Explore and apply best practices for Compute Engine instances.
- Explain the function of the Organization Policy Service.
Module 6) Securing Cloud Data: Techniques and Best Practices
- Use IAM permissions and roles to secure cloud resources.
- Create and wrap encryption keys using the Compute Engine RSA public key certificate.
- Encrypt and attach persistent disks to Compute Engine instances.
- Manage keys and encrypted data by using Cloud Key Management Service (Cloud KMS) and Cloud HSM.
- Create BigQuery authorized views.
- Recognize and implement best practices for configuring storage options.
Module 7) Securing Applications: Techniques and Best Practices
- Recall various types of application security vulnerabilities.
- Detect vulnerabilities in App Engine applications by using Web Security Scanner.
- Secure Compute Engine applications by using BeyondCorp Enterprise.
- Secure application credentials by using Secret Manager.
- Identify the threats of OAuth and Identity Phishing.
Module 8) Securing Google Kubernetes Engine: Techniques and Best Practices
- Explain the differences between Kubernetes service accounts and Google service accounts.
- Recognize and implement best practices for securely configuring GKE.
- Explain logging and monitoring options in Google Kubernetes Engine.
Module 9) Protecting against Distributed Denial-of-Service Attacks (DDoS)
- Identify the four layers of DDoS Mitigation.
- Identify methods Google Cloud uses to mitigate the risk of DDoS for its customers.
- Use Google Cloud Armor to blocklist an IP address and restrict access to an HTTP Load Balancer.
Module 10) Content-Related Vulnerabilities: Techniques and Best Practices
- Discuss the threat of ransomware.
- Explain ransomware mitigation strategies (backups, IAM, Cloud Data Loss Prevention API).
- Highlight common threats to content (data misuse; privacy violations; sensitive, restricted, or unacceptable content).
- Identify solutions for threats to content (classification, scanning, and redacting).
- Detect and redact sensitive data by using the Cloud DLP API.
Module 11) Monitoring, Logging, Auditing, and Scanning
- Explain and use the Security Command Center.
- Apply Cloud Monitoring and Cloud Logging to a project.
- Apply Cloud Audit Logs to a project.
- Identify methods for automating security in Google Cloud environments.