Duration:
3 days
Next Date:
2 to 4 Jul 2025
Location:
Online
Description
This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.
*Retail price (PVP) per participant. Running the course on the dates shown is subject to a minimum number of enrolments.
Target Audience
- Cloud information security analysts, architects, and engineers
- Information security/cybersecurity specialists
- Cloud infrastructure architects
- Developers of cloud applications
- Area: Google Cloud
- Associated Certification: Google Cloud Certified Professional Cloud Security Engineer (PCSE)
Programme:
Module 1: Foundations of GCP Security
- The approach of Google Cloud to security
- The shared security responsibility model
- Threats mitigated by Google and Google Cloud
- Access transparency
Module 2: Securing Access to Google Cloud
- Cloud Identity
- Google Cloud Directory Sync
- Managed Microsoft AD
- Google authentication versus SAML-based SSO
- Identity Platform
- Authentication best practices
Module 3: Identity and Access Management (IAM)
- Resource Manager
- IAM roles
- Service accounts
- IAM and Organization policies
- Workload identity federation
- Policy Intelligence
- Lab: Configuring IAM
Module 4: Configuring Virtual Private Cloud for Isolation and Security
- VPC firewalls
- Load balancing and SSL policies
- Cloud Interconnect
- VPC Network Peering
- VPC Service Controls
- Access Context Manager
- VPC Flow Logs
- Cloud IDS
- Labs:
  - Configuring VPC firewalls
  - Configuring and Using VPC Flow Logs in Cloud Logging
  - Demo: Securing Projects with VPC Service Controls
  - Getting Started with Cloud IDS
Module 5: Securing Compute Engine: techniques and best practices
- Service accounts, IAM roles, and API scopes
- Managing VM logins
- Organization policy controls
- Shielded VMs and Confidential VMs
- Certificate Authority Service
- Compute Engine best practices
- Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes
Module 6: Securing cloud data: techniques and best practices
- Cloud Storage IAM permissions and ACLs
- Auditing cloud data
- Signed URLs and policy documents
- Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)
- Cloud HSM
- BigQuery IAM roles and authorized views
- Storage best practices
- Lab: Using Customer-Supplied Encryption Keys with Cloud Storage
- Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
- Lab: Creating a BigQuery Authorized View
Module 7: Securing Applications: techniques and best practices
- Types of application security vulnerabilities
- Web Security Scanner
- Threat: Identity and OAuth phishing
- Identity-Aware Proxy
- Secret Manager
- Lab: Identify Application Vulnerabilities with Security Command Center
- Lab: Securing Compute Engine Applications with BeyondCorp Enterprise
- Lab: Configuring and Using Credentials with Secret Manager
Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices
- Types of application security vulnerabilities
- Web Security Scanner
- Threat: Identity and OAuth phishing
- Identity-Aware Proxy
- Secret Manager
Module 9: Protecting against Distributed Denial of Service Attacks
- How DDoS attacks work
- Google Cloud mitigations
- Types of complementary partner products
- Lab: Configuring Traffic Blocklisting with Google Cloud Armor
Module 10: Content-Related Vulnerabilities: Techniques and Best Practices
- Threat: Ransomware
- Ransomware mitigations
- Threats: data misuse, privacy violations, sensitive content
- Content-related mitigation
- Redacting Sensitive Data with the DLP API
- Lab: Redacting Sensitive Data with DLP API
Module 11: Monitoring, Logging, Auditing, and Scanning
- Security Command Center
- Cloud Monitoring and Cloud Logging
- Cloud Audit Logs
- Cloud security automation
- Lab: Configuring and Using Cloud Monitoring and Cloud Logging
- Lab: Configuring and Viewing Cloud Audit Logs
Prerequisites:
- Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience
- Prior completion of Networking in Google Cloud Platform (NGCP) or equivalent experience
- Knowledge of foundational concepts in information security:
- Basic proficiency with command-line tools and Linux operating system environments
- Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
- Reading comprehension of code in Python or JavaScript
- Basic understanding of Kubernetes terminology (preferred but not required)