GCP_Security_Professional_Script/GCP_Security_Engineer_Script.txt at master · jasonawsid/GCP_Security_Professional_Script · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Exam Description:
A GCP Engineer enables organizations to design and implement a secure infrastructure on GCP. Through an understanding of security beset practices and industry requirements, the individual designs, develops, and manages a secure infrastructure leveraging Google Security technologies. The Cloud Security Professional should be proficient in all aspects of Cloud Security including managing identity and access management, defining organizational structure and policies, using Google technologies to provide data protection, configuring network security defenses, collecting and analyzing GCP logs, managing incident responses, and an understanding of regulatory concerns.

The Exam Assesses:
Configure access within a cloud solution environment.
Configure network security.
Ensure data protection.
Manage operations within a cloud solution environment.
Ensure compliance.

About the exam:
Lenght 2 hours.
Registration fee: $200

Section 1: Configuring access within a cloud solution environment.
Section 1.1 Configuring Cloud Identity:
Cloud Identity
Configuring Google Cloud Directory Sync
Management of Super Administrator Account

Section 1.2 Managing user accounts:
Design identity roles at the project and organization level.
Automation of user lifecycle management preocess.
API usage

Section 1.3 Managing service accounts:
Auditing service accounts and keys.
Automating the rotation of user managed service account keys.
Identification of scenarios requiring service accounts.
Creating, authorizing, and securing service accounts.
Securely managed API access management.

Section 1.4 Managing authentication:
Creating a password policy for user accounts.
Establishing Security Assertion Markup Language (SAML).
Configuring and enforcing two-factor authentication.

Section 1.5 Managing and implementing authorization controls.
Using Resources  Hierarchy for Access Control.
Privileged roles and separation of duties.
Managing IAM permissions with primitve, predefined, and custom roles.
Granting permissions to different types of identities.
Understanding the difference between Google Cloud Storage IAM and ACLs.
Section1.6 Defining Resource Hierarchy
Creating and managing organizations.
Resource structures (orgs, folders, and projects)
Defining and managing Organizatin constraints.
Using Resouce Hierarchy for Access Control and permissions inheritance.
Trust and security boundaries within GCP projects.