Google Cloud – Professional Cloud Security Engineer Certification learning path
Continuing on the Google Cloud journey, I just passed the Professional Cloud Security Certification. The Google Cloud – Professional Cloud Security Engineer exam covers almost all aspects of Google Cloud security services, including storage, compute, and networking services.
Google Cloud – Professional Cloud Security Engineer Certification Summary
There are 50 questions that need to be answered in two hours.
The exam covers a wide range of Google Cloud services, focusing primarily on network and security services.
As with all exams, hands-on is a must. If you have never worked on GCP before, make sure to do lots of labs. Otherwise, you will be completely clueless about some questions and commands.
I took Coursera and A Cloud Guru, which are really deep, but practical or hands-on knowledge is essential.
Google Cloud – Professional Cloud Security Engineer Certification Resources
Courses
Udemy – Google Professional Cloud Security Engineer Certification
Coursera – Preparing for Google Cloud Certification: Cloud Security Engineer
Coursera – Security Best practices in Google Cloud
Coursera – Security on Google Cloud Platform
Coursera – Hands-On Labs at Google Cloud for Security Engineers
A Cloud Guru – Google Cloud Certified – Professional Cloud Security Engineer
Practice tests
Braincert Google Cloud Certified – Professional Cloud Security Engineer Practice Exams
As much as possible, use Qwiklabs and Google Free Tier.
Google Cloud – Professional Cloud Security Engineer Certification Topics
Security Services
Google Cloud Security Services Cheat Sheet
Cloud Key Management Service – KMS
Cloud KMS is a centralized, scalable and fast cloud key management service that allows you to manage encryption keys.
KMS Key is a named object that contains one or more key versions and metadata.
KMS KeyRing allows you to group keys with related permissions. This allows you to grant, revoke or modify permissions to those keys at key ring level without having to act on each key individually.
Cloud Armor
Cloud Armor protects applications from multiple threats, including DDoS attacks as well as application attacks like XSS or SQLi.
Works with the external HTTP(S) load balancer to automatically block network protocol or volumetric DDoS attacks like protocol floods (SYN, TCP, HTTP and ICMP) and amplification attacks.
With GKE, Cloud Armor must be configured through GKE Ingress.
Can be used to blacklist IPs.
Preview mode lets you see traffic patterns in advance, without blocking the traffic.
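To illustrate how preview mode is used in practice, the following added example (not code from the original post) tallies the requests a preview-mode rule would have denied, so that false positives can be fixed before the rule is enforced. The log entries are constructed, and the field names (`jsonPayload.previewSecurityPolicy`, `httpRequest.remoteIp`) are assumed to match the load balancer request-log format.

```python
import json
from collections import Counter

# Constructed sample entries (not real traffic). Field names are assumed to
# match the request logs of an external HTTP(S) load balancer with a Cloud
# Armor policy attached; the last line is deliberately truncated.
SAMPLE_LOGS = """
{"httpRequest": {"remoteIp": "203.0.113.7"}, "jsonPayload": {"enforcedSecurityPolicy": {"name": "edge-policy", "outcome": "ACCEPT"}, "previewSecurityPolicy": {"name": "edge-policy", "priority": 1000, "outcome": "DENY"}}}
{"httpRequest": {"remoteIp": "203.0.113.7"}, "jsonPayload": {"enforcedSecurityPolicy": {"name": "edge-policy", "outcome": "ACCEPT"}, "previewSecurityPolicy": {"name": "edge-policy", "priority": 1000, "outcome": "DENY"}}}
{"httpRequest": {"remoteIp": "198.51.100.20"}, "jsonPayload": {"enforcedSecurityPolicy": {"name": "edge-policy", "outcome": "ACCEPT"}, "previewSecurityPolicy": {"name": "edge-policy", "priority": 1000, "outcome": "DENY"}}}
{"httpRequest": {"remoteIp": "192.0.2.15"}, "jsonPayload": {"enforcedSecurityPolicy": {"name": "edge-policy", "outcome": "ACCEPT"}}}
{"httpRequest": {"remoteIp": "192.0.2.99"}, "jsonPayload": {"previewSecur
""".strip().splitlines()


def preview_hits(lines):
    """Count requests a preview rule would have denied, keyed by (priority, client IP)."""
    hits = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        preview = entry.get("jsonPayload", {}).get("previewSecurityPolicy")
        # Only preview rules whose outcome is DENY would change behaviour
        # once enforced; requests with no preview match are ignored.
        if not preview or preview.get("outcome") != "DENY":
            continue
        ip = entry.get("httpRequest", {}).get("remoteIp", "unknown")
        hits[(preview.get("priority"), ip)] += 1
    return hits


def false_positives(hits, known_good_ips):
    """Known-good clients that a preview rule would block once enforced."""
    return sorted({ip for (_, ip) in hits if ip in known_good_ips})


if __name__ == "__main__":
    hits = preview_hits(SAMPLE_LOGS)
    for (priority, ip), count in sorted(hits.items()):
        print(f"rule priority {priority}: would deny {ip} ({count} requests)")
    # 198.51.100.20 stands in for a trusted monitoring probe (hypothetical).
    print("fix before enforcing:", false_positives(hits, {"198.51.100.20"}))
```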
Cloud Identity-Aware Proxy
Identity-Aware Proxy (IAP) allows you to manage access to HTTP-based applications both inside and outside of Google Cloud.
IAP uses Google identities and IAM, and can also leverage external identity providers such as OAuth with Facebook, Microsoft and SAML.
Signed headers using JWT offer secondary security in the event that someone attempts to bypass IAP.
Cloud Data Loss Prevention – DLP
Cloud Data Loss Prevention (DLP) is a fully managed service that helps to protect, classify and discover the most sensitive data.
Provides two key features:
Classification is the process of inspecting the data to know what data we have, how sensitive it is, and the likelihood.
De-identification refers to the process of removing data, redacting it, or masking it.
Supports text, image, storage classification, and scans of data stored in Cloud Storage and Datastore.
Supports scanning of binary, text and image files, as well as Microsoft Word, PDF and Apache Avro files
Web Security Scanner
Web Security Scanner detects security flaws in App Engine, GKE and Compute Engine web apps.
Scans can provide information about application vulnerabilities, such as OWASP, XSS and Flash injection, obsolete libraries, cross-site scripting, clear-text passwords or use of mixed content.
Security Command Center – SCC
