מתווה קורס מפורט
Module 1: Foundations of Google Cloud Security
- The approach of Google Cloud to security
- The shared security responsibility model
- Threats mitigated by Google and Google Cloud
- Access transparency
Module 2: Securing Access to Google Cloud
- Cloud Identity
- Google Cloud Directory Sync
- Managed Microsoft AD
- Google authentication versus SAML-based SSO
- Identity Platform
- Authentication best practices
Module 3: Identity and Access Management (IAM)
- Resource Manager
- IAM roles
- Service accounts
- IAM and Organization policies
- Workload identity federation
- Policy Intelligence
- Lab: Configuring IAM
Module 4: Configuring Virtual Private Cloud for Isolation and Security
- VPC firewalls
- Load balancing and SSL policies
- Cloud Interconnect
- VPC Network Peering
- VPC Service Controls
- Access Context Manager
- VPC Flow Logs
- Cloud IDS
- Labs:
- Configuring VPC firewalls
- Configuring and Using VPC Flow Logs in Cloud Logging
- Demo: Securing Projects with VPC Service Controls
- Getting Started with Cloud IDS
Module 5: Securing Compute Engine: Techniques and Best Practices
- Service accounts, IAM roles, and API scopes
- Managing VM logins
- Organization policy controls
- Shielded VMs and Confidential VMs
- Certificate Authority Service
- Compute Engine best practices
- Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes
Module 6: Securing Cloud Data: Techniques and Best Practices
- Cloud Storage IAM permissions and ACLs
- Auditing cloud data
- Signed URLs and policy documents
- Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)
- Cloud HSM
- BigQuery IAM roles and authorized views
- Storage best practices
- Lab: Using Customer-Supplied Encryption Keys with Cloud Storage
- Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
- Lab: Creating a BigQuery Authorized View
Module 7: Securing Applications: Techniques and Best Practices
- Types of application security vulnerabilities
- Web Security Scanner
- Threat Identity and OAuth phishing
- Identity-Aware Proxy
- Secret Manager
- Lab: Identity Application Vulnerabilities with Security Command Center
- Lab: Securing Compute Engine Applications with BeyondCorp Enterprise
- Lab: Configuring and Using Credentials with Secret Manager
Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices
- Types of application security vulnerabilities
- Web Security Scanner
- Threat: Identity and OAuth phishing
- Identity-Aware Proxy
- Secret Manager
Module 9: Protecting against Distributed Denial of Service Attacks (DDoS)
- How DDoS attacks work
- Google Cloud mitigations
- Types of complementary partner products
- Lab: Configuring Traffic Blocklisting with Google Cloud Armor
Module 10: Content-Related Vulnerabilities: Techniques and Best Practices
- Threat: Ransomware
- Ransomware mitigations
- Threats: data misuse, privacy violations, sensitive content
- Content-related mitigation
- Redacting Sensitive Data with the DLP API
- Lab: Redacting Sensitive Data with DLP API
Module 11: Monitoring, Logging, Auditing, and Scanning
- Security Command Center
- Cloud Monitoring and Cloud Logging
- Cloud Audit Logs
- Cloud security automation
- Lab: Configuring and Using Cloud Monitoring and Cloud Logging
- Lab: Configuring and Viewing Cloud Audit Logs