How to pass the Google Professional Cloud Security Engineer certification
Today I took the Professional Cloud Security Engineer certification. This is how I managed to pass the exam. Again, as a bonus, I share here the study guide I created for this certification.
I wrote the GCP Cloud Professional Cloud Security Engineer Exam Guide and passed it. Yaay! Here are my immediate impressions and notes. Hope it is useful to future test takers.
Result
Soon after the exam, I got the result as PASS. After a few days, I got the certificate from Google Cloud.
General information about the exam
- Length: 2 hours
- Registration fee: $200 (plus tax where applicable)
- Languages: English.
- Exam format: Multiple choice and multiple select, taken in person at a test center.
- Prerequisites: None
- Recommended experience: 3+ years of industry experience including 1+ years designing and managing solutions using GCP.
Reference: Professional Cloud Engineer official exam page
Note that, unlike the Professional Cloud Architect and Professional Data Engineer exams, the Professional Cloud Security Engineer exam is, as of the time of this writing, available in English only.
How I studied for the test
The exam was very tough. I assumed this one would be easier because I spent more time preparing and I had the experience of the previous certifications. After the exam I went over the questions again to remind myself later what areas were covered — the answer is, everything. Zero direct questions. Every question was embedded in a situation/use case.
IAM — questions covering Folders, Organizations, IAM Permissions, Organizational Constraints, Google Groups.
IAM — managing users can be via GSuite or Cloud Identity. There were questions on GSuite and I wasn’t expecting those. I haven’t done the GSuite course, but I wonder now if there would have been value in skimming those topics.
Networking — shared VPC, VPN, VPC peering, interconnect, Private Google Access. Here, you are better off doing the full Networking specialization. There is significant overlap.
DLP — Some questions were straightforward and some were the memorize-by-heart type. So, if you find lists of items related to this, spend some time on them.
DLP — what are the various ways to de-identify data? How can you completely redact it so that you never get it back? And how can you get it back? What are the various algorithms you can use?
DLP — using custom dictionaries and regex. Creating custom infoTypes.
DLP — how to manage data when in BigQuery and on Cloud Storage.
PCI DSS — What solutions are compliant with PCI and what requires additional work?
DNSSEC — how to protect your domain to the extent possible?
GCDS — How do you sync users, groups, third-party tools, etc.? There were mentions of LDAP and Active Directory, but you don’t really need to know them.
SIEM — how to connect, export, etc.
KMS — An important topic that is covered well in the courses. Do the exercises to really get the hang of what’s happening. One of the QwikLabs exercises on working with Cloud Storage and KMS was what really made me understand some parts of this.
KMS — know all about the process of how DEKs, KEKs, Key Rings, etc. are used within GCP. Where are they stored? Where are they retrieved from when used? There was some post on how keys are managed even above that. It isn’t relevant for the exam, but it was good reading.
KMS — Google managed keys, CMEK, CSEK, Application Security with keys.
Compliance — Know what these are about at a high level: GDPR, HIPAA, COPPA, FIPS 140, PCI-DSS.
Cloud Build — what are the best practices on ensuring secure builds and safe images?
Cloud Build — what base images do you start off with when you do your build? How do you ensure those are safe?
Cloud Security Scanner — where do you use this? What kind of situations is it used in? What kinds of issues does it catch? What are the downsides of using it?
Firewalls — when is it better to use firewall rules as opposed to other options? Priority values on rules. What are the default rules?
GKE — Aliases and GKE with private access.
Shared Responsibility Model — know what you are responsible for beyond what Google takes care of.
Stackdriver — there was something about capturing and viewing logs. Can’t remember where or what that was.
Resources I followed
- Sathish VJ’s AwesomeGCP Certification Repo
- Google Cloud Practice Questions
- Udemy Course
- GCP Data Engineer Coursera Course
- Cloud Guru Path
- Pluralsight Course Path
- Cloud Academy Course Path
Practice, practice, and practice.
Notes from each of my exams
For those appearing for the various certification exams, here is a list of sanitized notes (no direct questions, only general topics) about the exam.
CloudGirl: Priyanka’s SketchNotes
Notes from the Associate Cloud Engineer exam
Notes from the Professional Cloud Architect exam
Guide for Professional Cloud Architect exam
Notes from the Professional Data Engineer exam
Notes from the Google Cloud Digital Leader exam
Notes from the Google Cloud Professional Cloud DevOps Engineer exam
Stay tuned till the next blog
If you want to connect with me:
LinkedIn: https://www.linkedin.com/in/vanamali-matha-811035232/
Twitter: https://twitter.com/Vanamalimatha32
GitHub Repo: awesome-GCP-certifications
A collection of posts, videos, courses, qwiklabs, and other exam details for all exams: GitHub
I hope this helps you in your preparation and to pass your exam. Thank you for reading. Perform well and all the best!