I. Prepare
I passed this certificate for the first time in 2022.
I renewed my certificate and retook the exam at the center in February 2025.
https://www.credly.com/users/huydanggdg
The knowledge about services on GCP that I have reviewed includes:
Compute Engine
Google APIs
IAM (Identity and Access Management)
VPC network
Firewall Rules
Cloud Directory Sync
SAML 2.0 Single Sign-On (SSO)
Cloud Identity and Access Management API
Admin SDK
Cloud Armor
Cloud CDN
Cloud Identity-Aware Proxy
Cloud VPN
Shared VPC
Cloud Interconnect
Private Access
Aggregated Sinks
Cloud Identity
DLP API (Data Loss Prevention API)
Cloud KMS (Cloud Key Management Service)
Stackdriver (now Cloud Logging, part of Google Cloud's operations suite)
BigQuery
Cloud Pub/Sub
Dataflow
App Engine
Cloud Functions
Cloud Storage
Google Kubernetes Engine (GKE)
Cloud Bigtable
Cloud Datastore
Secret Manager
Cloud Security Scanner
Resource Manager
Forseti Security
Security Command Center
TCP Proxy Load Balancing
Network Load Balancer
HTTP(S) load balancer
Cloud HSM (Cloud Hardware Security Module)
Compute Engine Persistent Disk
Cloud NAT
Cloud DNS
Cloud Source Repositories
Cloud SQL
Cloud Endpoints
Identity Platform
BeyondCorp Enterprise
Shielded VMs
Cloud External Key Manager (EKM)
Certificate Authority Service
Packet Mirroring
OS Config
Cloud Build
Cloud Run
Vertex AI
Cloud IDS
Assured Workloads
Key Access Justifications
Access Context Manager
Confidential VMs
Compliance Reports Manager
Private Service Connect
Security Health Analytics
Certificate Manager
Cloud Next Generation Firewall (NGFW) Enterprise
Cloud Logging
Container Registry
Organization Policy Service
VPC Service Control (SC)
Access Approval
Virtual Machine Threat Detection
Google Cloud Marketplace
Resource Location Restriction
Sensitive Data Protection
Compliance Monitoring
IAM Conditions
Workload Identity Pools
=====================================================
II. The main points I summarized after passing the exam the second time
1. Managing Access and Identities: granting appropriate access to different users, groups, and service accounts for various GCP resources following the principle of least privilege. This includes understanding and applying predefined and custom IAM roles at different levels such as projects, folders, and organizations. Scenarios around centralized identity management using Cloud Identity and integration with external identity providers are also frequent, as is managing access for users from other organizations. Expect questions on granting temporary access with IAM Conditions.
2. Protecting Data and Ensuring Compliance: Many questions focus on securing sensitive data (such as PII, financial, and health data) at rest, in transit, and in use. This involves understanding and applying encryption with the various key management options (customer-managed, customer-supplied, and Google-managed keys), and using the Data Loss Prevention (DLP) API for tasks like redaction, anonymization, and tokenization. You will also likely encounter scenarios requiring you to ensure data residency to meet compliance standards such as GDPR and PCI DSS, and to audit key usage.
3. Securing Networks: Expect several questions about controlling network traffic with VPC Firewall Rules to restrict inbound and outbound connections, often based on network tags. Protecting web applications with Cloud Armor against common web attacks and controlling access to web applications and VMs with Cloud IAP are also key areas. You should also be familiar with providing private access to Google services for VMs without public IPs using Private Google Access and Cloud NAT, and with securing hybrid connections between on-premises and GCP using Cloud VPN and Cloud Interconnect.
4. Logging and Monitoring for Security: You will likely be asked about collecting and analyzing logs from various GCP resources to gain security visibility. This includes knowing how to use Cloud Logging and Cloud Audit Logs (Admin Activity and Data Access logs) and how to export these logs to external SIEM systems.
5. Managing Secrets: Securely handling sensitive information such as API keys and passwords with Secret Manager is a recurring theme. Questions may involve controlling access to secrets and auditing their usage.
6. Incident Response and Auditing: You might see questions that touch on auditing activities, such as identifying who performed specific actions or investigating potential security incidents. Understanding how to define access strategies for incident response with the principle of least privilege and time-bound access may also be relevant.
7. Securing Workloads: Expect questions on securing different types of workloads running on GCP, such as Compute Engine VMs (using features like Shielded VMs and Confidential VMs), Google Kubernetes Engine (GKE), App Engine, Cloud Functions, and Cloud Run. This includes securing container deployments with Binary Authorization and managing service account permissions for these workloads.
8. Securing Hybrid Environments: Scenarios involving secure connectivity and access management in hybrid cloud setups, where on-premises infrastructure connects to GCP, are common. This includes using Cloud VPN, Cloud Interconnect, and Private Google Access for on-premises hosts.
9. Understanding the capabilities of Security Command Center (SCC) for a unified view of security and compliance findings, including features such as Security Health Analytics and Virtual Machine Threat Detection, is also important. Expect questions on using VPC Flow Logs for network traffic analysis and Packet Mirroring for more in-depth network inspection.
10. Understanding how to use VPC Service Controls (VPC SC) to create security boundaries and prevent data exfiltration is also crucial.
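As an added example (not from the original post or from Google), the following Python audits a project IAM policy for the access-management points in items 1 and 6: basic roles, public principals, standing access for human users with no IAM Condition, and expired time-bound conditions. The policy is a constructed sample in the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` returns at policy version 3 (needed for conditional bindings); the member names, titles and severities are constructed.

```python
"""Audit a GCP IAM policy for least-privilege and time-bound-access issues."""
import re
from datetime import datetime, timezone

# Constructed sample policy (version 3 is required for conditional bindings):
# one time-bound binding, one over-broad basic role, one public binding.
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {
            "role": "roles/compute.instanceAdmin.v1",
            "members": ["user:oncall@example.com"],
            "condition": {
                "title": "break-glass until 2025-03-01",
                "expression": 'request.time < timestamp("2025-03-01T00:00:00Z")',
            },
        },
        {"role": "roles/editor",
         "members": ["serviceAccount:app@example.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    ],
}

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# The usual expiry idiom in IAM Conditions CEL expressions.
EXPIRY_RE = re.compile(r'request\.time\s*<\s*timestamp\("([^"]+)"\)')


def parse_ts(s):
    """Parse an RFC 3339 timestamp such as 2025-03-01T00:00:00Z into aware UTC."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)


def binding_expiry(binding):
    """Expiry of a time-bound binding, or None when the binding is unconditional."""
    expr = binding.get("condition", {}).get("expression", "")
    m = EXPIRY_RE.search(expr)
    return parse_ts(m.group(1)) if m else None


def audit_policy(policy, now):
    """Return (severity, role, member, reason) findings for every binding/member."""
    findings = []
    for b in policy["bindings"]:
        expiry = binding_expiry(b)
        for member in b["members"]:
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", b["role"], member, "public principal"))
            if b["role"] in BASIC_ROLES:
                findings.append(("HIGH", b["role"], member, "basic role violates least privilege"))
            if expiry is not None and expiry < now:
                findings.append(("LOW", b["role"], member, "expired conditional binding; remove it"))
            elif expiry is None and member.startswith("user:"):
                findings.append(("MEDIUM", b["role"], member, "standing human access; add an IAM Condition"))
    return findings
```

Run `audit_policy(SAMPLE_POLICY, parse_ts("2025-02-01T00:00:00Z"))` and only the basic role and the public binding are reported; move `now` past the break-glass expiry and the stale conditional binding is flagged for removal as well.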
III. Summary of mock exams on Udemy
https://www.udemy.com/course/professional-cloud-security-engineer-exam-2025/?couponCode=NVDPROD25
Main content: Google's guides:
Thanks for reading, everyone!