Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide (eBook)
496 pages
Packt Publishing (publisher)
978-1-80056-655-2 (ISBN)
Google Cloud security offers powerful controls to assist organizations in establishing secure and compliant cloud environments. With this book, you'll gain in-depth knowledge of the Professional Cloud Security Engineer certification exam objectives, including Google Cloud security best practices, identity and access management (IAM), network security, data security, and security operations.
The chapters go beyond the exam essentials, helping you explore advanced topics such as Google Cloud Security Command Center, the BeyondCorp Zero Trust architecture, and container security. With step-by-step explanations, practical examples, and practice exams to help you tighten up your skills for the exam, you'll be able to efficiently review and apply key concepts of the shared security responsibility model. Finally, you'll get to grips with securing access, organizing cloud resources, network and data security, and logging and monitoring.
By the end of this book, you'll be proficient in designing, developing, and operating security controls on Google Cloud and gain insights into emerging concepts for future exams.
Master designing, developing, and operating secure infrastructures on Google Cloud

Key Features
- Prepare for the certification exam with clear explanations, real-world examples, and self-assessment questions
- Review Google Cloud security best practices for building a secure and compliant cloud environment
- Explore advanced concepts like Security Command Center, BeyondCorp Zero Trust, and container security

What you will learn
- Understand how Google secures infrastructure with shared responsibility
- Use the resource hierarchy for access segregation and implementing policies
- Utilize Google Cloud Identity for authentication and authorization
- Build secure networks with advanced network features
- Encrypt/decrypt data using Cloud KMS and secure sensitive data
- Gain visibility and extend security with Google's logging and monitoring capabilities

Who this book is for
This book is for IT professionals, cybersecurity specialists, system administrators, and any technology enthusiasts aspiring to strengthen their understanding of Google Cloud security and elevate their career trajectory. We delve deep into the core elements needed to successfully attain the Google Cloud Professional Security Engineer certification, a credential that stands as a testament to your proficiency in leveraging Google Cloud technologies to design, develop, and manage a robust, secure infrastructure. As businesses increasingly migrate their operations to the cloud, the demand for certified professionals in this field has skyrocketed. Earning this certification not only validates your expertise but also makes you part of an elite group of GCP Security Engineers, opening doors to opportunities that can significantly advance your career. Whether you're seeking to gain a competitive edge in the job market, earn higher pay, or contribute at a higher level to your current organization, this book will guide you every step of the way on your journey to becoming a certified Google Cloud Professional Security Engineer.
Table of Contents
Preface
Chapter 1: About the GCP Professional Cloud Security Engineer Exam
Benefits of being certified
Registering for the exam
Some useful tips on how to prepare
Summary
Further reading
Chapter 2: Google Cloud Security Concepts
Overview of Google Cloud security
Shared security responsibility
Addressing compliance on Google Cloud
Security by design
Operational security
Network security
Data security
Services and identity
Physical and hardware security
Threat and vulnerability management
Summary
Further reading
Chapter 3: Trust and Compliance
Establishing and maintaining trust
Access Transparency and Access Approval
Access Transparency
Enabling Access Transparency
Access Approval
Configuring Access Approval
Security and privacy of data
Third-party risk assessments
Compliance in the cloud
Compliance reports
Continuous compliance
Summary
Further reading
Chapter 4: Resource Management
Overview of Google Cloud Resource Manager
Understanding resource hierarchy
Organization
Folders
Projects
Applying constraints using the Organization Policy Service
Organization policy constraints
Policy inheritance
Asset management using Cloud Asset Inventory
Asset search
Asset export
Asset monitoring
Asset analyzer
Best practices and design considerations
Summary
Further reading
Chapter 5: Understanding Google Cloud Identity
Overview of Cloud Identity
Cloud Identity domain setup
Super administrator best practices
Securing your account
2-step verification
User security settings
Session length control for Google Cloud
SAML-based SSO
Additional security features
Directory management
Google Cloud Directory Sync
GCDS features and capabilities
How does GCDS work?
Using GCDS Configuration Manager
User provisioning in Cloud Identity
Automating user lifecycle management with Cloud Identity as the IdP
Administering user accounts and groups programmatically
Summary
Further reading
Chapter 6: Google Cloud Identity and Access Management
Overview of IAM
IAM roles and permissions
Policy binding
Service accounts
Creating a service account
Disabling a service account
Deleting a service account
Undeleting a service account
Service account keys
Key rotation
Service account impersonation
Cross-project service account access
Configuring Workload Identity Federation with Okta
Best practices for monitoring service account activity
Service agents
IAM policy bindings
Policy structure
Policy inheritance and resource hierarchy
IAM Conditions
Policy best practices
Policy Intelligence for better permission management
Tag-based access control
Tag structure
Best practices for tags
Cloud Storage ACLs
Access Control Lists (ACLs)
Uniform bucket-level access
IAM APIs
IAM logging
Log name
Service account logs
Summary
Further reading
Chapter 7: Virtual Private Cloud
Overview of VPC
Google Cloud regions and zones
VPC deployment models
VPC modes
Shared VPC
VPC peering
Micro-segmentation
Subnets
Custom routing
Firewall rules
Cloud DNS
Configuring Cloud DNS – create a public DNS zone for a domain name
DNSSEC
Load balancers
Configuring external global HTTP(S) load balancers
Hybrid connectivity options
Best practices and design considerations
VPC best practices
Key decisions
Summary
Further reading
Chapter 8: Advanced Network Security
Private Google Access
DNS configuration
Routing options
Firewall rules
Identity-Aware Proxy
Enabling IAP for on-premises
Using Cloud IAP for TCP forwarding
Cloud NAT
Google Cloud Armor
Security policies
Named IP lists
Summary
Further reading
Chapter 9: Google Cloud Key Management Service
Overview of Cloud KMS
Current Cloud KMS encryption offerings
Encryption and key management in Cloud KMS
Key hierarchy
Envelope encryption
Key management options
Google Cloud’s default encryption
Customer-managed encryption keys (CMEKs)
Customer-supplied encryption key
Symmetric key encryption
Creating a symmetric key
Encrypting content with a symmetric key
Decrypting content with a symmetric key
Asymmetric key encryption
Step 1: Creating a key ring
Step 2: Creating an asymmetric decryption key
Step 3: (Optional) Creating an asymmetric signing key
Encrypting data with an asymmetric key
Decrypting data with an asymmetric key
Importing a key (BYOK)
Step 1: Creating a blank key
Step 2: Importing the key using an import job
Step 3: Verifying key encryption and decryption
Key lifecycle management
Key IAM permissions
Cloud HSM
HSM key hierarchy
Key creation flow in HSM
Cryptographic operation flow in HSM
Cloud EKM
The architecture of Cloud EKM
Cloud KMS best practices
Cloud KMS infrastructure decisions
Application data encryption
Integrated Google Cloud encryption
CMEKs
Importing keys into Cloud KMS
Cloud KMS API
Cloud KMS logging
Summary
Further reading
Chapter 10: Cloud Data Loss Prevention
Overview of Cloud DLP
DLP architecture options
Content methods
Storage methods
Hybrid methods
Cloud DLP terminology
DLP infoTypes
Data de-identification
Creating a Cloud DLP inspection template
Defining the template
Configuring detection
Best practices for inspecting sensitive data
Inspecting and de-identifying PII data
De-identification transformations
Tutorial: How to de-identify and tokenize sensitive data
Step 1: Creating a key ring and a key
Step 2: Creating a base64-encoded AES key
Step 3: Wrapping the AES key using the Cloud KMS key
Step 4: Sending a de-identify request to the Cloud DLP API
Step 5: Sending a de-identity request to the Cloud DLP API
Step 6: Sending a re-identify request to the Cloud DLP API
DLP use cases
Best practices for Cloud DLP
Data exfiltration and VPC Service Controls
Architecture of VPC Service Controls
Allowing access to protected resources within the VPC Service Controls perimeter
Configuring a VPC Service Controls perimeter
Best practices for VPC Service Controls
Summary
Further...
Publication date (per publisher) | 30.8.2023
---|---
Foreword | Phil Venables
Language | English
Subject area | Computer science ► Networks ► Security / Firewall
 | Computer science ► Theory / Study ► Cryptology
 | Computer science ► Other topics ► Certification
 | Natural sciences
ISBN-10 | 1-80056-655-7 / 1800566557
ISBN-13 | 978-1-80056-655-2 / 9781800566552
Copy protection: Adobe DRM
File format: EPUB (Electronic Publication)