Google Cloud Platform (Gcp) Professional Cloud Security Engineer Certification Companion: Learn and Apply Security Design Concepts to Ace the Exam

Cabianca, Dario

  • 出版商: Apress
  • 出版日期: 2024-06-13
  • 售價: $2,020
  • 貴賓價: 9.5$1,919
  • 語言: 英文
  • 頁數: 608
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 9798868802355
  • ISBN-13: 9798868802355
  • 相關分類: Google Cloud資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Written in a simple and developer-focused style, this book gives you the tools and knowledge you need to ace the GCP Professional Cloud Security Engineer certification exam. The approach is two-fold: introducing and implementing all GCP cloud security concepts and controls based on the certification exam objectives, and demonstrating how these concepts can be applied to real-world scenarios.

Your study begins with cloud identities in GCP and different identity types (user accounts, service accounts, groups, and domains) and how separation of duties is implemented with access controls and Identity and Access Management (IAM). Emphasis is placed on the unique GCP approach to managing resources, with its clear distinction between resource ownership and resource billing. Following the defense in depth principle, the book shifts focus to network security and introduces different types of constructs that enable micro-segmentation, as they are implemented in a software-defined network. A chapter devoted to data protection is included. You will learn how to leverage the Data Loss Prevention (DLP) application programming interface (API) to prevent access to your workloads' sensitive data from unauthorized use. Examples on how to use the DLP API are provided using the Go language, which is becoming widely adopted in the developer community due to its simplicity, and high-performance networking and multi-processing capabilities. Encryption at rest, in use, and in transit is covered with an overview on how GCP implements confidential computing. The book concludes with an examination of the GCP services you need to know to monitor, audit, and ensure compliance with the laws and regulations where your workloads and infrastructure operate.

By the end of the book, you will have acquired the knowledge and confidence to pass the GCP Professional Cloud Security Engineer certification exam and to successfully design, architect, and engineer security solutions with the Google Cloud Platform.

Bonus Material: IAM deny policies

What You Will Learn

  • Understand the five security principles and how to use them to drive the development of modern security architectures in Google Cloud
  • Secure identities with Cloud Identity and Identity & Access Management (IAM)
  • Secure the network with segmentation and private connectivity
  • Protect sensitive data with the Data Loss Prevention (DLP) API and encryption
  • Monitor, log, audit, and troubleshoot security incidents with the Google Cloud Operations Suite
  • Ensure compliance and address regulatory concerns

Who This Book Is For

Software engineers specializing in DevOps, SecOps, and DataOps, who possess expertise in the Software Development Life Cycle (SDLC) methodologies within Agile teams. It also targets software architects with proficiency in various domains such as security, network, solution, data, infrastructure, cloud, and enterprise architecture.

商品描述(中文翻譯)

本書以簡單且以開發者為中心的風格撰寫,提供您通過 GCP 專業雲安全工程師認證考試所需的工具和知識。其方法分為兩個部分:根據認證考試目標介紹和實施所有 GCP 雲安全概念和控制,並展示這些概念如何應用於現實世界的情境。

您的學習將從 GCP 的雲身份和不同的身份類型(用戶帳戶、服務帳戶、群組和域)開始,並探討如何通過訪問控制和身份與訪問管理(IAM)實施職責分離。重點放在 GCP 獨特的資源管理方法上,明確區分資源擁有權和資源計費。遵循深度防禦原則,本書將重點轉向網絡安全,介紹不同類型的結構,以實現微分段,這些結構在軟體定義網絡中得以實施。本書還包括一章專門討論數據保護。您將學習如何利用數據丟失防護(DLP)應用程式介面(API)來防止未經授權的使用者訪問您的工作負載的敏感數據。使用 Go 語言提供了 DLP API 的使用範例,因其簡單性以及高效能的網絡和多處理能力,正逐漸被開發者社群廣泛採用。書中涵蓋靜態、使用中和傳輸中的加密,並概述 GCP 如何實施機密計算。本書最後將檢視您需要了解的 GCP 服務,以監控、審計並確保遵守您工作負載和基礎設施運作所在的法律和法規。

在本書結束時,您將獲得通過 GCP 專業雲安全工程師認證考試所需的知識和信心,並能成功設計、架構和工程化 Google Cloud Platform 的安全解決方案。

附加資料:IAM 拒絕政策

您將學到的內容:

- 理解五項安全原則及如何利用它們推動 Google Cloud 現代安全架構的發展
- 使用 Cloud Identity 和身份與訪問管理(IAM)來保護身份
- 通過分段和私有連接來保護網絡
- 使用數據丟失防護(DLP)API 和加密來保護敏感數據
- 使用 Google Cloud Operations Suite 監控、記錄、審計和排除安全事件
- 確保合規性並解決監管問題

本書適合對象:

專注於 DevOps、SecOps 和 DataOps 的軟體工程師,具備敏捷團隊內軟體開發生命週期(SDLC)方法論的專業知識。本書也針對在安全、網絡、解決方案、數據、基礎設施、雲端和企業架構等各個領域具備專業能力的軟體架構師。

作者簡介

Dario Cabianca is a computer scientist (PhD, University of Milan), published author, and Cloud Architect. He has worked with a variety of global enterprises for more than two decades, and possesses 10 cloud certifications with GCP, AWS, Microsoft Azure, and ISC2. He used his own fail-proof techniques to prepare and pass GCP, AWS, Microsoft Azure, and ISC2 exams. He is excited to share his knowledge to help readers of his study companion book prepare for the GCP Professional Cloud Security Engineer certification exam, and also come away equipped with the necessary tools and knowledge to be confident and successful on the job.


作者簡介(中文翻譯)

Dario Cabianca 是一位計算機科學家(博士,米蘭大學)、出版作者及雲端架構師。他在全球多家企業工作超過二十年,擁有 GCP、AWS、Microsoft Azure 和 ISC2 的十項雲端認證。他運用了自己無失敗的技巧來準備並通過 GCP、AWS、Microsoft Azure 和 ISC2 的考試。他很高興能分享他的知識,幫助他的學習夥伴書的讀者準備 GCP 專業雲端安全工程師認證考試,並且讓讀者具備必要的工具和知識,以便在工作中充滿信心並取得成功。