Important topics to pass the Google Cloud Professional Cloud Security Engineer Certification

Narayan Sharma
Jul 15, 2020

Honestly, this exam felt really difficult to me compared with the Professional Cloud Architect exam. Actually, I was overconfident after passing the PCA exam and scheduled this exam 2 weeks later, but the level of the questions was more difficult than I expected, including lots of multiple-selection questions where more than 2 answers were of a similar type. Honestly, I was not sure that I was going to clear this exam until the end of the exam; I marked most of the questions (around 35) for review because I was unable to find the perfect solution based on the questions. I reviewed the same questions multiple times and worked to understand the meaning of each word mentioned in the question based on context, which helped me find the best possible solution, and finally, at the end, the result was PASSED!!

Rule of thumb: read each word carefully and understand the context of the question before marking a final answer.

Important Topics based on my experience

  1. IAM & Service Accounts: IAM and service accounts are everywhere, but for the Security Engineer certification you should have somewhat deeper experience with real business problems, e.g. how to rotate a service account, how to handle the situation when a service account has been deleted accidentally, access control for service accounts, best practices when creating service accounts, use cases of custom IAM roles vs predefined roles, etc.
  2. Cloud Identity/G Suite/Cloud Directory Sync: I didn’t expect questions from G Suite, but a few questions appeared from G Suite. Apart from this, you should have an idea of how Cloud Directory Sync works, use cases of Google Groups, importing contacts and groups from an LDAP server, etc.
  3. Encryption at Rest & Encryption in Transit: default encryption, customer-supplied encryption, customer-managed encryption, DEK, KEK, envelope encryption, KEK rotation, etc.
    https://cloud.google.com/security/encryption-at-rest
    https://www.youtube.com/watch?v=vxMwuL0hX3U&t=1,797s
    https://cloud.google.com/security/encryption-in-transit
  4. DLP API: Very important for the Security Engineer certification. You must have an idea of the use cases for redaction, re-identification, regex detectors, automating the integrated DLP API, how to securely manage PII within BigQuery, etc.
  5. Security Command Center/Forseti: why we need Security Command Center, use cases of SCC vs Forseti, etc.
  6. Web Security Scanner/Cloud Armor: what kinds of vulnerabilities and threats can be detected, best practices for using Web Security Scanner, what kinds of security threats Cloud Armor can protect against (SQL injection, DoS attacks, etc.). You should be able to differentiate Web Security Scanner and Cloud Armor based on the vulnerabilities and threats each one covers.
  7. Load Balancers/Firewall Rules: an idea of the various load balancers and their use cases, what security options are available (encryption in transit, etc.), an idea of where firewall rules should be applied (not applicable for G Suite permissions, etc.), protecting communication between various services using network tags, bastion hosts, what default firewall rules are available, etc.
  8. Networking: advantages of Shared VPC, custom VPC, private access between various services, the ways to protect communication between on-premises and Google Cloud Platform, VPC peering, disabling public access, etc.
  9. Cloud IAP: You can expect a few questions related to IAP, including use cases (restricting access to a web application), role-based authorization, how IAP works, advantages of using IAP, etc.
  10. Cloud Storage: how Cloud Storage helps to meet various compliance requirements, including bucket locking and encryption; have a good understanding of lifecycle management and how it works, signed URLs, etc.
  11. Secret Manager: use cases of Secret Manager, environment variables vs Secret Manager, etc.
  12. Secure Kubernetes server/node/communication:

Would you like to connect with me to share or discuss any concerns, or do you need any help? Connect with me on LinkedIn: https://www.linkedin.com/in/narayansharma91/
Happy to help!!
