GCP Architect: Designing for Security and Compliance Competency (Intermediate Level)

Topics covered

• create groups for aggregating users and roles to aggregate permissions assignments, including both default and custom roles
• describe the benefits of using differently sourced keys for cryptography in Google Cloud
• describe the integration of Secret Manager with the storage of API keys, passwords, certificates, and other sensitive data
• describe the key needs and tools used to create a well secured and audited environment to meet various compliance standards
• describe the process of configuring and managing audit logs in Google Cloud
• describe the process of creating secrets using Secret Manager
• describe the process used to encrypt data at rest with customer managed keys
• describe the process used to managed encrypted buckets in Google Cloud Storage
• identify methods to encrypt data as it is stored in different locations in a Google Cloud Infrastructure
• identify the benefits and process of using identity and context to secure applications and virtual machines
• identify the IAM roles and permissions needed to use Network Connectivity Center
• identify the key needs and tools for children's privacy compliance
• identify the key needs and tools for credit card information compliance
• identify the key needs and tools for protecting personally identifiable information for compliance
• identify the key needs and tools for security operations center (SOC) 2 industry certification
• identify the key needs and tools of health records compliance
• identify the need for and methodology of having penetration tests performed against projects in Google Cloud
• identify the needs and tools for managing symmetric and asymmetric cryptographic keys for cloud services
• identify the tools used to create a resource hierarchy, their differences, and how they can be leveraged to create a more secure cloud infrastructure
• identify who did what, where, and when using Google Cloud Audit Logs
• outline how the Organization Policy Service enables centralized and programmatic control over cloud resources
• outline how to configure different projects with different IAM roles to establish separation of duties
• outline the IAM roles and permissions needed to use Google Cloud Storage buckets
• recall the benefits of providing secure remote access through a zero trust model
• recall the use cases that effectively leverage IAM
• recognize how Google Cloud's Identity and Access Management (IAM) system works and how you can use it to manage access in Google Cloud
• recognize the scope of protections available when implementing managed networking functionality via VPC Service Controls
• work with IAM policies and the available options