Course content
1. Configuring access within a cloud solution environment
1.1 Configuring Cloud Identity
- Managing Cloud Identity
- Configuring Google Cloud Directory Sync
- Management of super administrator account
1.2 Managing user accounts
- Designing identity roles at the project and organization level
- Automation of user lifecycle management process
- API usage
1.3 Managing service accounts
- Auditing service accounts and keys
- Automating the rotation of user-managed service account keys
- Identification of scenarios requiring service accounts
- Creating, authorizing, and securing service accounts
- Securely managed API access management
1.4 Managing authentication
- Creating a password policy for user accounts
- Establishing Security Assertion Markup Language (SAML)
- Configuring and enforcing two-factor authentication
1.5 Managing and implementing authorization controls
- Using resource hierarchy for access control
- Privileged roles and separation of duties
- Managing IAM permissions with primitive, predefined, and custom roles
- Granting permissions to different types of identities
- Understanding difference between Google Cloud Storage IAM and ACLs
1.6 Defining resource hierarchy
- Creating and managing organizations
- Resource structures (orgs, folders, and projects)
- Defining and managing organization constraints
- Using resource hierarchy for access control and permissions inheritance
- Trust and security boundaries within GCP projects
2. Configuring network security
2.1 Designing network security
- Security properties of a VPC network, VPC peering, shared VPC, and firewall rules
- Network isolation and data encapsulation for N tier application design
- Use of DNSSEC
- Private vs. public addressing
- App-to-app security policy
2.2 Configuring network segmentation
- Network perimeter controls (firewall rules; IAP)
- Load balancing (global, network, HTTP(S), SSL proxy, and TCP proxy load balancers)
2.3 Establish private connectivity
- Private RFC1918 connectivity between VPC networks and GCP projects (Shared VPC, VPC peering)
- Private RFC1918 connectivity between data centers and VPC network (IPSEC and Cloud Interconnect).
- Enable private connectivity between VPC and Google APIs (private access)
3. Ensuring data protection
3.1 Preventing data loss with the DLP API
- Identification and redaction of PII
- Configuring tokenization
- Configure format preserving substitution
- Restricting access to DLP datasets
3.2 Managing encryption at rest
- Understanding use cases for default encryption, customer-managed encryption keys (CMEK), and customer-supplied encryption keys (CSEK)
- Creating and managing encryption keys for CMEK and CSEK
- Managing application secrets
- Object lifecycle policies for Cloud Storage
- Enclave computing
- Envelope encryption
4. Managing operations within a cloud solution environment
4.1 Building and deploying infrastructure
- Backup and data loss strategy
- Creating and automating an incident response plan
- Log sinks, audit logs, and data access logs for near-real-time monitoring
- Standby models
- Automate security scanning for Common Vulnerabilities and Exposures (CVEs) through a CI/CD pipeline
- Virtual machine image creation, hardening, and maintenance
- Container image creation, hardening, maintenance, and patch management
4.2 Building and deploying applications
- Application logs near-real-time monitoring
- Static code analysis
- Automate security scanning through a CI/CD pipeline
4.3 Monitoring for security events
- Logging, monitoring, testing, and alerting for security incidents
- Exporting logs to external security systems
- Automated and manual analysis of access logs
- Understanding capabilities of Forseti
5. Ensuring compliance
5.1 Comprehension of regulatory concerns
- Evaluation of concerns relative to compute, data, and network.
- Security shared responsibility model
- Security guarantees within cloud execution environments
- Limiting compute and data for regulatory compliance
5.2 Comprehension of compute environment concerns
- Security guarantees and constraints for each compute environment (Compute Engine, Google Kubernetes Engine, App Engine)
- Determining which compute environment is appropriate based on company compliance standards
To see the full course content Download now
Course Prerequisites
- While there are no specific prerequisites to achieving this certification beyond passing the GC Professional Cloud Security Engineer exam, it is worth noting that experience with the required skills is key to a successful experience.
- Passing the GC Associate Cloud Engineer examand achieving the corresponding certification, while not mandatory, will help you prepare for this level since it introduces a number of technologies covered in the GC Professional Cloud Security Engineer exam.
Who can attend
- 3+ years of industry experience including 1+ years managing solutions on GCP.
- An understanding of security best practices and industry security requirements, you will design, develop, and manage a secure infrastructure leveraging Google security technologies
- Managing identity and access management
- Defining organizational structure and policies
- Using Google technologies to provide data protection
- Configuring network security defenses
- Collecting and analyzing Google Cloud logs
- Managing incident responses
- Demonstrating an understanding of regulatory concerns
Number of Hours: 40hrs
Certification
Key features
- One to One Training
- Online Training
- Fastrack & Normal Track
- Resume Modification
- Mock Interviews
- Video Tutorials
- Materials
- Real Time Projects
- Virtual Live Experience
- Preparing for Certification
FAQs
DASVM Technologies offers 300+ IT training courses with 10+ years of Experienced Expert level Trainers.
- One to One Training
- Online Training
- Fastrack & Normal Track
- Resume Modification
- Mock Interviews
- Video Tutorials
- Materials
- Real Time Projects
- Materials
- Preparing for Certification
Call now: +91-99003 49889 and know the exciting offers available for you!
We working and coordinating with the companies exclusively to get placed. We have a placement cell focussing on training and placements in Bangalore. Our placement cell help more than 600+ students per year.
Learn from experts active in their field, not out-of-touch trainers. Leading practitioners who bring current best practices and case studies to sessions that fit into your work schedule. We have a pool of experts and trainers are composed with highly skilled and experienced in supporting you in specific tasks and provide professional support. 24x7 Learning support from mentors and a community of like-minded peers to resolve any conceptual doubts. Our trainers has contributed in the growth of our clients as well as professionals.
All of our highly qualified trainers are industry experts with at least 10-12 years of relevant teaching experience. Each of them has gone through a rigorous selection process which includes profile screening, technical evaluation, and a training demo before they are certified to train for us. We also ensure that only those trainers with a high alumni rating continue to train for us.
No worries. DASVM technologies assure that no one misses single lectures topics. We will reschedule the classes as per your convenience within the stipulated course duration with all such possibilities. If required you can even attend that topic with any other batches.
DASVM Technologies provides many suitable modes of training to the students like:
- Classroom training
- One to One training
- Fast track training
- Live Instructor LED Online training
- Customized training
Yes, the access to the course material will be available for lifetime once you have enrolled into the course.
You will receive DASVM Technologies recognized course completion certification & we will help you to crack global certification with our training.
Yes, DASVM Technologies provides corporate trainings with Course Customization, Learning Analytics, Cloud Labs, Certifications, Real time Projects with 24x7 Support.
Yes, DASVM Technologies provides group discounts for its training programs. Depending on the group size, we offer discounts as per the terms and conditions.
We accept all major kinds of payment options. Cash, Card (Master, Visa, and Maestro, etc), Wallets, Net Banking, Cheques and etc.
DASVM Technologies has a no refund policy. Fees once paid will not be refunded. If the candidate is not able to attend a training batch, he/she is to reschedule for a future batch. Due Date for Balance should be cleared as per date given. If in case trainer got cancelled or unavailable to provide training DASVM will arrange training sessions with other backup trainer.
Your access to the Support Team is for lifetime and will be available 24/7. The team will help you in resolving queries, during and after the course.
Please Contact our course advisor +91-99003 49889. Or you can share your queries through info@dasvmtechnologies.com