What this book covers
Chapter 1, About the Google Professional Cloud Security Engineer Exam, focuses on the Google Professional Cloud Security Engineer Certification and provides guidance on how to register for the exam. This chapter also covers the outline of the exam.
Chapter 2, Google Cloud Security Concepts, covers how Google secures its cloud infrastructure. You will learn how shared security responsibility is applied to the different Google Cloud services, the defense-in-depth model that Google deploys in securing its infrastructure at various layers, and how the isolation and security of data are achieved. Other areas covered include threat and vulnerability management, security monitoring, and data residency.
Chapter 3, Trust and Compliance, looks at two essential aspects of cloud architecture. The first part of the chapter focuses how Google builds security and privacy and provides customers with full transparency. Data security is all about control, and you will learn about how Google Cloud empowers its consumers to own, control, and protect their data. The second part of the chapter covers the different compliance standards and programs that Google Cloud is compliant with and how you can gain access to compliance reports. It also gives an introduction to some advanced topics that will be discussed later in the book when covering continuous monitoring and continuous compliance.
Chapter 4, Resource Management, covers Google Cloud Resource Manager and how resources are organized. It also covers of IAM policies, organizational policy controls, Cloud Asset Inventory, and firewall rules that can be applied and inherited via the resource hierarchy.
Chapter 5, Understanding Google Cloud Identity, introduces Google Cloud Identity. You will learn how to design and build your authentication strategy on Google Cloud using Cloud Identity. The topics include user lifecycle management, device security, cloud directory, account security, app management, identity federation, and single sign-on.
Chapter 6, Google Cloud Identity and Access Management, takes a deep dive into Google Cloud Identity and Access Management. It covers IAM roles, permissions and conditions, service accounts, how to manage service account keys, and IAM policy intelligence, along with best practices and design considerations.
Chapter 7, Virtual Private Cloud, covers network security concepts within Google Cloud. You will look at what a VPC is and the different types of VPC models, as well as how to do micro-segmentation using subnets, custom routing, and firewall rules. Furthermore, you will also look at DNSSEC in Google Cloud and different types of load balancers.
Chapter 8, Advanced Network Security, teaches you how to secure your content by using the advanced network security features that are available on Google Cloud. This chapter also covers Identity-Aware Proxy, Private Google Access, VPC Service Controls, DDoS, and the web application firewall.
Chapter 9, Google Cloud Key Management Service, lays the foundation for understanding the key hierarchy in Google Cloud Key Management Service (KMS) and how envelope encryption works. In this chapter, you will look at different types of encryption keys, their purpose, and how Google does encryption and key management, including coverage of the underlying cryptographic operation. The chapter also covers concepts such as bringing your own key to the cloud.
Chapter 10, Cloud Data Loss Prevention, guides you on how to use Google Cloud Data Loss Prevention (DLP) to secure sensitive data. It covers techniques used to scan for sensitive data by creating scan jobs and also how to enforce DLP rules to redact sensitive data using techniques such as masking, redaction, and tokenization.
Chapter 11, Secret Manager, guides you on how to use Google Cloud Secret Manager to create secrets that are used during runtime by your applications.
Chapter 12, Cloud Logging, covers how Cloud Logging works on Google Cloud. You will look at the different log types and key components for logging and learn how to build a centralized logging system for continuous monitoring.
Chapter 13, Image Hardening and CI/CD Security, teaches you how to harden compute images for both virtual machines and containers. It covers how to manage, secure, patch, and harden images, and how to build image management pipelines. Furthermore, you will look at building security scanning of the CI/CD pipeline. Finally, this chapter covers some Google Cloud Compute Engine security capabilities such as Shielded VMs and confidential computing.
Chapter 14, Security Command Center, explores the capabilities offered by Security Command Center and teaches you how to configure and use Security Command Center’s capabilities to detect threats, vulnerabilities, and misconfigurations. You will also look at how Security Command Center can be used to build automated incident response and ingest its findings with third-party security information and event management tools such as Splunk.
Chapter 15, Container Security, covers how to design, develop, and deploy containers securely on Google Cloud. The topics covered include various aspects of container security, such as image hardening, isolation, implementing a security policy, scanning containers, and Binary Authorization. It also covers various security features of Google Kubernetes Engine (GKE) and some best practices.
Mock Exam 1 is a full-length exam covering all certification areas. Pay attention to the language of the questions.
Mock Exam 2 is another full-length exam covering all certification areas. This exam should increase your confidence in passing the exam.