Course overview

About this course

This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.

Audience

  • Cloud information security analysts, architects, and engineers
  • Information security or cybersecurity specialists
  • Cloud infrastructure architects

Course details

Module 1: Foundations of Google Cloud Security
  • The approach of Google Cloud to security
  • The shared security responsibility model
  • Threats mitigated by Google and Google Cloud
  • Access transparency
Module 2: Securing Access to Google Cloud
  • Cloud Identity
  • Google Cloud Directory Sync
  • Managed Microsoft AD
  • Google authentication versus SAML-based SSO
  • Identity Platform
  • Authentication best practices
Module 3: Identity and Access Management (IAM)
  • Resource Manager
  • IAM roles
  • Service accounts
  • IAM and Organization policies
  • Workload identity federation
  • Policy Intelligence
  • Lab: Configuring IAM
Module 4: Configuring Virtual Private Cloud for Isolation and Security
  • VPC firewalls
  • Load balancing and SSL policies
  • Cloud Interconnect
  • VPC Network Peering
  • VPC Service Controls
  • Access Context Manager
  • VPC Flow Logs
Module 5: Securing Compute Engine: Techniques and Best Practices
  • Service accounts, IAM roles, and API scopes
  • Managing VM logins
  • Organization policy controls
  • Shielded VMs and Confidential VMs
  • Certificate Authority Service
  • Compute Engine best practices
  • Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes
Module 6: Securing Cloud Data: Techniques and Best Practices
  • Cloud Storage IAM permissions and ACLs
  • Auditing cloud data
  • Signed URLs and policy documents
  • Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)
  • Cloud HSM
  • BigQuery IAM roles and authorized views
  • Storage best practices
  • Lab: Using Customer-Supplied Encryption Keys with Cloud Storage
  • Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
Module 7: Securing Applications: Techniques and Best Practices
  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity-Aware Proxy
  • Secret Manager
  • Lab: Identify Application Vulnerabilities with Security Command Center
  • Lab: Securing Compute Engine Applications with BeyondCorp Enterprise
  • Lab: Configuring and Using Credentials with Secret Manager
Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices
  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity-Aware Proxy
Module 9: Protecting against Distributed Denial of Service Attacks (DDoS)
  • How DDoS attacks work
  • Google Cloud mitigations
  • Types of complementary partner products
  • Lab: Configuring Traffic Blocklisting with Google Cloud Armor
Module 10: Content-Related Vulnerabilities: Techniques and Best Practices
  • Threat: Ransomware
  • Ransomware mitigations
  • Threats: data misuse, privacy violations, sensitive content
  • Content-related mitigation
  • Redacting Sensitive Data with the DLP API
  • Lab: Redacting Sensitive Data with DLP API
Module 11: Monitoring, Logging, Auditing, and Scanning
  • Security Command Center
  • Cloud Monitoring and Cloud Logging
  • Cloud Audit Logs
  • Cloud security automation
  • Lab: Configuring and Using Cloud Monitoring and Cloud Logging

Prerequisites

Before attending this course, students should have:

  • Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience
  • Prior completion of Networking in Google Cloud Platform (NGCP) or equivalent experience
  • Knowledge of foundational concepts in information security, through experience or through online training such as SANS's SEC301: Introduction to Cyber Security
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript
  • Basic understanding of Kubernetes terminology (preferred but not required)

Our Technology Partners

Spectrum Networks is the Authorised Learning Partner for some of the leaders in IT technology for Digital Transformation