Professional Cloud Security Engineer exam
50-60 multiple choice and multiple select questions.
- Type
- Written
- Delivery
- Both
- Duration
- 120 min
Exam sections
Configuring access
This section covers managing identity and access within Google Cloud, including Cloud Identity, service accounts, authentication methods, and hierarchical authorization controls. It emphasizes the principle of least privilege, resource hierarchy management, and programmatic user/group administration.
Preparation tips
Focus on mastering IAM roles, Service Account impersonation, and Cloud Identity Sync setup. Understand the resource hierarchy and how inheritance affects permissions.
Securing communications and establishing boundary protection
Focuses on designing and configuring network security perimeters and boundary segmentation. Topics include VPC Service Controls, Cloud NGFW, Identity-Aware Proxy, and private connectivity options like HA VPN and Cloud Interconnect to ensure secure communication.
Preparation tips
Study VPC security properties, network isolation strategies, and the configuration of Cloud Armor and Secure Web Proxy for perimeter defense.
Ensuring data protection
Covers strategies for protecting sensitive data and managing encryption across the data lifecycle. Includes Sensitive Data Protection (DLP) for discovery and redaction, as well as managing Customer-Managed Encryption Keys (CMEK) and Cloud EKM.
Preparation tips
Be proficient in configuring CMEK, understanding the key lifecycle (rotation/revocation), and using Sensitive Data Protection tools for BigQuery and Cloud Storage.
Managing operations
Focuses on automating infrastructure and application security along with robust logging and monitoring. Covers CI/CD security scanning, Binary Authorization, VM hardening, and detection mechanisms using Security Command Center and VPC Flow Logs.
Preparation tips
Understand how to automate security scans in CI/CD pipelines and configure comprehensive logging and monitoring using Cloud IDS and Security Command Center.
Supporting compliance requirements
Addresses adhering to regulatory and industry standards within the shared responsibility model. Involves mapping compliance requirements to technical controls, using Assured Workloads, and ensuring transparency through Access Approval.
Preparation tips
Review the Google Cloud shared responsibility model and learn how to implement controls like Assured Workloads and Access Transparency to meet regulatory needs.
