Book description
Master the art of designing, developing, and operating secure infrastructures on Google Cloud
Key Features
- Prepare for the certification exam with clear explanations, real-world examples, and self-assessment questions
- Review Google Cloud security best practices for building a secure and compliant cloud environment
- Explore advanced concepts like Security Command Center, BeyondCorp Zero Trust, and container security
Book Description
Google Cloud security offers powerful controls to assist organizations in establishing secure and compliant cloud environments. With this book, you’ll gain in-depth knowledge of the Professional Cloud Security Engineer certification exam objectives, including Google Cloud security best practices, identity and access management (IAM), network security, data security, and security operations.
The chapters go beyond the exam essentials, helping you explore advanced topics such as Google Cloud Security Command Center, the BeyondCorp Zero Trust architecture, and container security. With step-by-step explanations, practical examples, and practice exams to help you improve your skills for the exam, you'll be able to efficiently review and apply key concepts of the shared security responsibility model. Finally, you’ll get to grips with securing access, organizing cloud resources, network and data security, and logging and monitoring.
By the end of this book, you'll be proficient in designing, developing, and operating security controls on Google Cloud and gain insights into emerging concepts for future exams.
What you will learn
- Understand how Google secures infrastructure with shared responsibility
- Use resource hierarchy for access segregation and implementing policies
- Utilize Google Cloud Identity for authentication and authorizations
- Build secure networks with advanced network features
- Encrypt/decrypt data using Cloud KMS and secure sensitive data
- Gain visibility and extend security with Google's logging and monitoring capabilities
Who this book is for
This book is for IT professionals, cybersecurity specialists, system administrators, and tech enthusiasts aspiring to strengthen their understanding of Google Cloud security and elevate their career trajectory. Earning this certification not only validates your expertise but also makes you part of an elite group of GCP security engineers, opening doors to opportunities that can significantly advance your career. Prior knowledge of the foundational concepts of Google Cloud or GCP Associate Engineer Certification is strongly recommended.
Table of contents
- Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
- Foreword
- Contributors
- About the authors
- About the reviewers
- Preface
- Chapter 1: About the GCP Professional Cloud Security Engineer Exam
- Chapter 2: Google Cloud Security Concepts
- Chapter 3: Trust and Compliance
- Chapter 4: Resource Management
- Chapter 5: Understanding Google Cloud Identity
- Chapter 6: Google Cloud Identity and Access Management
- Overview of IAM
- Service accounts
- Creating a service account
- Disabling a service account
- Deleting a service account
- Undeleting a service account
- Service account keys
- Key rotation
- Service account impersonation
- Cross-project service account access
- Configuring Workload Identity Federation with Okta
- Best practices for monitoring service account activity
- Service agents
- IAM policy bindings
- Tag-based access control
- Cloud Storage ACLs
- IAM APIs
- IAM logging
- Summary
- Further reading
- Chapter 7: Virtual Private Cloud
- Chapter 8: Advanced Network Security
- Chapter 9: Google Cloud Key Management Service
- Overview of Cloud KMS
- Encryption and key management in Cloud KMS
- Key management options
- Symmetric key encryption
- Asymmetric key encryption
- Importing a key (BYOK)
- Key lifecycle management
- Key IAM permissions
- Cloud HSM
- Cloud EKM
- Cloud KMS best practices
- Cloud KMS API
- Cloud KMS logging
- Summary
- Further reading
- Chapter 10: Cloud Data Loss Prevention
- Overview of Cloud DLP
- DLP architecture options
- Cloud DLP terminology
- Creating a Cloud DLP inspection template
- Best practices for inspecting sensitive data
- Inspecting and de-identifying PII data
- Tutorial: How to de-identify and tokenize sensitive data
- Step 1: Creating a key ring and a key
- Step 2: Creating a base64-encoded AES key
- Step 3: Wrapping the AES key using the Cloud KMS key
- Step 4: Sending a de-identify request to the Cloud DLP API
- Step 5: Sending a de-identity request to the Cloud DLP API
- Step 6: Sending a re-identify request to the Cloud DLP API
- DLP use cases
- Best practices for Cloud DLP
- Data exfiltration and VPC Service Controls
- Best practices for VPC Service Controls
- Summary
- Further reading
- Chapter 11: Secret Manager
- Chapter 12: Cloud Logging
- Chapter 13: Image Hardening and CI/CD Security
- Chapter 14: Security Command Center
- Chapter 15: Container Security
- Google Professional Cloud Security Engineer Exam – Mock Exam I
- Google Professional Cloud Security Engineer Exam – Mock Exam II
- Other Books You May Enjoy
Product information
- Title: Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
- Author(s):
- Release date: August 2023
- Publisher(s): Packt Publishing
- ISBN: 9781835468869