Security in Google Cloud

Foundations of Google Cloud Security

• Explain the shared security responsibility model of Google Cloud.
• Describe how Google Cloud approaches security.
• Recognize threats mitigated by Google and Google Cloud.
• Identify Google Cloud’s commitments to regulatory compliance.

Securing Access to Google Cloud

• Describe what Cloud Identity is and what it does.
• Explain how Google Cloud Directory Sync securely syncs users and permissions between your on-premises LDAP or AD server and the cloud.
• Explore and apply best practices for managing groups, permissions, domains and administrators with Cloud Identity.

Identity and Access Management (IAM)

• Identify IAM roles and permissions that can be used to organize resources in Google Cloud.
• Explain the management-related features of Google Cloud projects.
• Define IAM policies, including organization policies.
• Implement access control with IAM.
• Provide access to Google Cloud resources by using predefined and custom IAM roles.

Configuring Virtual Private Cloud for Isolation and Security

• Describe the function of VPC networks.
• Recognize and implement best practices for configuring VPC firewalls (both ingress and egress rules).
• Secure projects with VPC Service Controls.
• Apply SSL policies to load balancers.
• Enable VPC ?ow logging, and then use Cloud Logging to access logs.
• Deploy Cloud IDS, and view threat details in the Google Cloud console.

Securing Compute Engine: Techniques and Best Practices

• Create and manage service accounts for Compute Engine instances (default and customer-defined).
• Detail IAM roles and scopes for VMs.
• Explore and apply best practices for Compute Engine instances.
• Explain the function of the Organization Policy Service.

Securing Cloud Data: Techniques and Best Practices

• Use IAM permissions and roles to secure cloud resources.
• Create and wrap encryption keys using the Compute Engine RSA public key certificate.
• Encrypt and attach persistent disks to Compute Engine instances.
• Manage keys and encrypted data by using Cloud Key Management Service (Cloud KMS) and Cloud HSM.
• Create BigQuery-authorized views.
• Recognize and implement best practices for configuring storage options

Securing Applications: Techniques and Best Practices

• Recall various types of application security vulnerabilities.
• Detect vulnerabilities in App Engine applications by using Web Security Scanner.
• Secure Compute Engine Applications by using BeyondCorp Enterprise.
• Secure application credentials by using Secret Manager.
• Identify the threats of OAuth and Identity Phishing.

Securing Google Kubernetes Engine: Techniques and Best Practices

• Explain the di?erences between Kubernetes service accounts and Google service accounts.
• Recognize and implement best practices for securely configuring GKE.
• Explain logging and monitoring options in Google Kubernetes Engine.

Protecting against Distributed Denial-of-Service Attacks (DDoS)

• Identify the four layers of DDoS Mitigation.
• Identify methods Google Cloud uses to mitigate the risk of DDoS for its customers.
• Use Google Cloud Armor to blocklist an IP address and restrict access to an HTTP Load Balancer.

Content-Related Vulnerabilities: Techniques and Best Practices

• Discuss the threat of ransomware.
• Explain ransomware mitigation strategies (backups, IAM, Cloud Data Loss Prevention API).
• Highlight common threats to content (data misuse; privacy violations; sensitive, restricted, or unacceptable content).
• Identify solutions for threats to content (classification, scanning and redacting).
• Detect and redact sensitive data by using the Cloud DLP API

Monitoring, Logging, Auditing and Scanning

• Explain and use the Security Command Center.
• Apply Cloud Monitoring and Cloud Logging to a project.
• Apply Cloud Audit Logs to a project.
• Identify methods for automating security in Google Cloud environments.