Google GCP-PCSE (Professional Cloud Security Engineer) Certification Exam Syllabus

The Google GCP-PCSE exam preparation guide is designed to provide candidates with the necessary information about the Professional Cloud Security Engineer exam. It includes an exam summary, sample questions, a practice test, the exam objectives, and ways to interpret those objectives, so that candidates can assess the types of questions that may be asked during the Google Cloud Platform - Professional Cloud Security Engineer (GCP-PCSE) exam.

All candidates are advised to refer to the GCP-PCSE objectives and sample questions provided in this preparation guide. The Google Professional Cloud Security Engineer certification is mainly targeted at candidates who want to build a career in the Cloud domain and demonstrate their expertise. We suggest you use the practice exam listed in this cert guide to get used to the exam environment and identify the knowledge areas where you need more work prior to taking the actual Google Professional Cloud Security Engineer exam.

Google GCP-PCSE Exam Summary:

Exam Name: Google Professional Cloud Security Engineer
Exam Code: GCP-PCSE
Exam Price: $200 USD
Duration: 120 minutes
Number of Questions: 50
Passing Score: Pass / Fail (Approx 70%)
Recommended Training / Books: Google Cloud training, Google Cloud documentation, Google Cloud solutions
Schedule Exam: PEARSON VUE
Sample Questions: Google GCP-PCSE Sample Questions
Recommended Practice: Google Cloud Platform - Professional Cloud Security Engineer (GCP-PCSE) Practice Test

Google Professional Cloud Security Engineer Syllabus:

Section Objectives

Configuring access within a cloud solution environment

Configuring Cloud Identity. Considerations include:
- Managing Cloud Identity
- Configuring Google Cloud Directory Sync
- Management of super administrator account

Managing user accounts. Considerations include:
- Designing identity roles at the project and organization level
- Automation of user lifecycle management process
- API usage

Managing service accounts. Considerations include:
- Auditing service accounts and keys
- Automating the rotation of user-managed service account keys
- Identification of scenarios requiring service accounts
- Creating, authorizing, and securing service accounts
- Securely managed API access management

Managing authentication. Considerations include:
- Creating a password policy for user accounts
- Establishing Security Assertion Markup Language (SAML)
- Configuring and enforcing two-factor authentication

Managing and implementing authorization controls. Considerations include:
- Using resource hierarchy for access control
- Privileged roles and separation of duties
- Managing IAM permissions with primitive, predefined, and custom roles
- Granting permissions to different types of identities
- Understanding difference between Google Cloud Storage IAM and ACLs

Defining resource hierarchy. Considerations include:
- Creating and managing organizations
- Resource structures (orgs, folders, and projects)
- Defining and managing organization constraints
- Using resource hierarchy for access control and permissions inheritance
- Trust and security boundaries within GCP projects

Configuring network security

Designing network security. Considerations include:
- Security properties of a VPC network, VPC peering, shared VPC, and firewall rules
- Network isolation and data encapsulation for N tier application design
- Use of DNSSEC
- Private vs. public addressing
- App-to-app security policy

Configuring network segmentation. Considerations include:
- Network perimeter controls (firewall rules; IAP)
- Load balancing (global, network, HTTP(S), SSL proxy, and TCP proxy load balancers)

Establish private connectivity. Considerations include:
- Private RFC1918 connectivity between VPC networks and GCP projects (Shared VPC, VPC peering)
- Private RFC1918 connectivity between data centers and VPC network (IPSEC and Cloud Interconnect)
- Enable private connectivity between VPC and Google APIs (private access)

Ensuring data protection

Preventing data loss with the DLP API. Considerations include:
- Identification and redaction of PII
- Configuring tokenization
- Configure format preserving substitution
- Restricting access to DLP datasets

Managing encryption at rest. Considerations include:
- Understanding use cases for default encryption, customer-managed encryption keys (CMEK), and customer-supplied encryption keys (CSEK)
- Creating and managing encryption keys for CMEK and CSEK
- Managing application secrets
- Object lifecycle policies for Cloud Storage
- Enclave computing
- Envelope encryption

Managing operations within a cloud solution environment

Building and deploying infrastructure. Considerations include:
- Backup and data loss strategy
- Creating and automating an incident response plan
- Log sinks, audit logs, and data access logs for near-real-time monitoring
- Standby models
- Automate security scanning for Common Vulnerabilities and Exposures (CVEs) through a CI/CD pipeline
- Virtual machine image creation, hardening, and maintenance
- Container image creation, hardening, maintenance, and patch management

Building and deploying applications. Considerations include:
- Application logs near-real-time monitoring
- Static code analysis
- Automate security scanning through a CI/CD pipeline

Monitoring for security events. Considerations include:
- Logging, monitoring, testing, and alerting for security incidents
- Exporting logs to external security systems
- Automated and manual analysis of access logs
- Understanding capabilities of Forseti

Ensuring compliance

Comprehension of regulatory concerns. Considerations include:
- Evaluation of concerns relative to compute, data, and network
- Security shared responsibility model
- Security guarantees within cloud execution environments
- Limiting compute and data for regulatory compliance

Comprehension of compute environment concerns. Considerations include:
- Security guarantees and constraints for each compute environment (Compute Engine, Google Kubernetes Engine, App Engine)
- Determining which compute environment is appropriate based on company compliance standards