Security in Google Cloud

Module 1) Foundations of Google Cloud Security

• Introduction to Google Cloud Operations Suite
• Explain the shared security responsibility model of Google Cloud.
• Describe how Google Cloud approaches security.
• Recognize threats mitigated by Google and Google Cloud.
• Identify Google Cloud’s commitments to regulatory compliance.

Module 2) Securing Access to Google Cloud

• Describe what Cloud Identity is and what it does.
• Explain how Google Cloud Directory Sync securely syncs users and permissions between your on-premises LDAP or AD server and the cloud.
• Explore and apply best practices for managing groups, permissions, domains, and administrators with Cloud Identity

Module 3) Identity and Access Management (IAM)

• Identify IAM roles and permissions that can be used to organize resources in Google Cloud.
• Explain the management-related features of Google Cloud projects.
• Define IAM policies, including organization policies.
• Implement access control with IAM.
• Provide access to Google Cloud resources by using predefined and custom IAM roles.

Module 4) Configuring Virtual Private Cloud for Isolation and Security

• Describe the function of VPC networks.
• Recognize and implement best practices for configuring VPC firewalls (both ingress and egress rules).
• Secure projects with VPC Service Controls.
• Apply SSL policies to load balancers.
• Enable VPC flow logging, and then use Cloud Logging to access logs.
•  Deploy Cloud IDS, and view threat details in the Google Cloud console.

Module 5) Securing Compute Engine: Techniques and Best Practices

• Create and manage service accounts for Compute Engine instances (default and customer-defined).
• Detail IAM roles and scopes for VMs.
• Explore and apply best practices for Compute Engine instances.
• Explain the function of the Organization Policy Service.

Module 6) Securing Cloud Data: Techniques and Best Practices

• Use IAM permissions and roles to secure cloud resources.
• Create and wrap encryption keys using the Compute Engine RSA public key certificate.
• Encrypt and attach persistent disks to Compute Engine instances.
• Manage keys and encrypted data by using Cloud Key Management Service (Cloud KMS) and Cloud HSM.
• Create BigQuery authorized views.
• Recognize and implement best practices for configuring storage options.

Module 7) Securing Applications: Techniques and Best Practices

• Recall various types of application security vulnerabilities.
• Detect vulnerabilities in App Engine applications by using Web Security Scanner.
• Secure Compute Engine Applications by using BeyondCorp Enterprise.
• Secure application credentials by using Secret Manager.
• Identify the threats of OAuth and Identity Phishing.

Module 8) Securing Google Kubernetes Engine: Techniques and Best Practices

• Explain the differences between Kubernetes service accounts and Google service accounts.
• Recognize and implement best practices for securely configuring GKE.
• Explain logging and monitoring options in Google Kubernetes Engine

Module 9) Protecting against Distributed Denial-of-Service Attacks (DDoS)

• Identify the four layers of DDoS Mitigation.
• Identify methods Google Cloud uses to mitigate the risk of DDoS for its customers.
• Use Google Cloud Armor to blocklist an IP address and restrict access to an HTTP Load Balancer

Module 10: Content-Related Vulnerabilities: Techniques and Best Practices

• Discuss the threat of ransomware.
• Explain ransomware mitigations strategies (backups, IAM, Cloud Data Loss Prevention API).
• Highlight common threats to content (data misuse; privacy violations; sensitive, restricted, or unacceptable content).
• Identify solutions for threats to content (classification, scanning, and redacting).
• Detect and redact sensitive data by using the Cloud DLP API.

Module 11: Monitoring, Logging, Auditing, and Scanning

• Explain and use the Security Command Center.
• Apply Cloud Monitoring and Cloud Logging to a project.
• Apply Cloud Audit Logs to a project.
• Identify methods for automating security in Google Cloud environments.