Security in Google Cloud

GCP_SGC - Version:1

Description

This training course gives you a broad study of security controls and techniques in Google Cloud. Through recorded lectures, demonstrations, and hands-on labs, you’ll explore and deploy the components of a secure Google Cloud solution, including Cloud Identity, Resource Manager, Identity and Access Management (IAM), Virtual Private Cloud firewalls, Cloud Load Balancing, Direct Peering, Carrier Peering, Cloud Interconnect, and VPC Service Controls.

Intended audience

• Cloud information security analysts, architects, and engineers • Information security/cybersecurity specialists • Cloud infrastructure architects

Topics
Prerequisites
Objectives

▼Expand All

Foundations of Google Cloud Security
- • Google Cloud’s Approach to Security
- • The Shared Security Responsibility Model
- • Threats Mitigated by Google and Google Cloud
- • Access Transparency
Cloud Identity
- • Cloud Identity
- • Google Cloud Directory Sync
- • Google Authentication Versus SAML-based SSO
- • Authentication Best Practices
Identity and Access Management (IAM)
- • Resource Manager
- • IAM Roles
- • IAM Policies
- • IAM Recommender
- • IAM Troubleshooter
- • IAM Audit Logs
- • IAM Best Practices
Configuring Virtual Private Cloud for Isolation and Security
- •VPC Firewalls
- • Load Balancing and SSL Policies
- • Interconnect and Peering Policies
- • Best Practices for VPC Networks
- •VPC Flow Logs
Securing Compute Engine: Techniques and Best Practices
- • Service Accounts, IAM Roles and API Scopes
- • Managing VM Logins
- • Organization Policy Controls
- • Compute Engine Best Practices
- • Encrypting Disks with CSEK
Securing Cloud Data: Techniques and Best Practices
- • Cloud Storage IAM permissions and ACLs
- • Auditing Cloud Data
- • Signed URLs and Policy Documents
- • Encrypting with CMEK and CSEK
- • Cloud HSM
- • BigQuery IAM Roles and Authorized Views
- • Storage Best Practices
Application Security: Techniques and Best Practices
- • Types of Application Security Vulnerabilities
- • Web Security Scanner
- • Threat: Identity and Oauth Phishing
- • Identity-Aware Proxy
- • Secret Manager
Securing Google Kubernetes Engine: Techniques and Best Practices
- • Introduction to Kubernetes/GKE
- • Authentication and Authorization
- • Hardening Your Clusters
- • Securing Your Workloads
- • Monitoring and Logging
Protecting against Distributed Denial of Service Attacks (DDoS)
- • How DDoS Attacks Work
- • Google Cloud Mitigations
- • Types of Complementary Partner Products
Content-Related Vulnerabilities: Techniques and Best Practices
- • Threat Ransomware
- • Ransomware Mitigations
- • Threats: Data Misuse, Privacy Violations, Sensitive Content
- • Content-Related Mitigations
Monitoring, Logging, Auditing, and Scanning
- • Cloud Audit Logs
- • Deploying and Using Forseti

• Prior completion of Google Cloud Fundamentals: Core Infrastructure or
equivalent experience
• Prior completion of Networking in Google Cloud or equivalent experience
• Basic understanding of Kubernetes terminology (preferred but not required)
• Knowledge of foundational concepts in information security, through
experience or through online training such as SANS’s SEC301: Introduction
to Cyber Security
• Basic proficiency with command-line tools and Linux operating system
environments
• Systems Operations experience, including deploying and managing
applications, either on-premises or in a public cloud environment
• Reading comprehension of code in Python or Javascript

• Understand Google’s approach to security.
• Manage administration identities using Cloud Identity.
• Implement least privilege administration using Resource Manager
and IAM.
• Implement Identity-Aware Proxy.
• Implement IP traffic controls using VPC firewalls and Google
Cloud Armor.
• Remediate security vulnerabilities, especially public access to data
and virtual machines.
• Scan for and redact sensitive data using the Cloud Data Loss
Prevention API.
• Analyze changes to resource metadata configuration using
audit logs.
• Scan a Google Cloud deployment with Forseti, to remediate
important types of vulnerabilities, especially in public access
to data and VMs.

03-6176666

03-6176677

info@sela.co.il

SEND

Related Courses

» Google Cloud Platform Fundamentals: Big Data & Machine Learning

» From Data to Insights with Google Cloud Platform

» Architecting with Google Cloud Platform: Infrastructure

» Data Engineering

» Security in Google Cloud

» Architecting with Google Kubernetes Engine

» Analyzing and Visualizing Data in Looker

» Application Development with Cloud Run

» Architecting with Google Compute Engine

» Architecting with Google Cloud: Design and Process

» Google Cloud Big Data and Machine Learning Fundamentals

» Data Engineering on Google Cloud

» Data Integration with Cloud Data Fusion

» Reliable Google Cloud Infrastructure: Design and Process

» Developing Applications with Google Cloud

» Developing APIs with Google Cloud's Apigee API platform

» Cloud Digital Leader training with Google Cloud

» From Data to Insights with Google Cloud

» Getting Started with FinOps on Google Cloud Course - TechEng

» Getting Started with FinOps on Google Cloud Course

» Google Cloud Fundamentals: Core Infrastructure

» Getting started with Google Kubernetes Engine

» Managing Security in Google Cloud

» Machine Learning

» Networking in Google Cloud

» Security Best Practives in Google Cloud

» Security Best Practices in Google Cloud

» Developing a Google SRE Culture

» Working with Google Meet

» Go Language Programming

» Go Lang Essentials

» Google Workspace Admin

» Google Workspace Practitioner

» Managing Google Cloud’s Apigee API Platform for Hybrid Cloud

» Machine Learning on Google Cloud

Your Email:

To:
Your Name:
Subject:
Message: