Almost a month ago, I heard about Google Cloud releasing 2 new exams for GCP: the Professional Cloud Network Engineer and the Professional Cloud Security Engineer. I had already passed the AWS Security Specialty last year when it was in Beta, so I decided to try my luck with the same on GCP. I wasn’t going to take my chance on the Networking Exam, as it was definitely not my strong suit. As well, at half price, I only had half as much to lose.
I had booked my exam 3 weeks in advance, as I needed to make sure I had studied everything I needed to know for this due to the unfamiliarity with what COULD be on the exam. I also hadn’t touched Google Cloud in a while, since AWS and Kubernetes had been my focus for the past couple months.
Slammed at work, I had realized the week before my exam that I needed to dive deep into the nitty-gritty. Not just the basics, but the new services that had been released over the last 6 months. It’s actually been that long since I worked on a GCP lab, project or had even visited the console. I committed to sitting this exam and this meant that I needed to buckle down.
I searched the net on every article I could find with regards to this exam, or GCP security for that matter. I stumbled upon these 2 articles which were well written, and gave me a good starting point.
Kudos to these guys, as their notes had helped me to know what I needed to study. Thank you to all of you. I owe you guys a drink at our next conference meet.
After reading these blog posts, I had a starting point and started to deep dive. My first stop was the. This gave me an upfront and personal view of what will be on the exam. I learned in the past that whatever is explained on the exam guide is what will definitely be on the exam. Reading the site, my first stop would be the listed courses on Coursera:
A lot of great information and a great instructor, to boot. The core infrastructure was very basic for me, as I feel I already had the basic knowledge of the platform. The Security in GCP course was really insightful and full of goodies that really honed my skillset for security on the platform. I mainly focused on this course, and with the support of my wife, I was able to plough through it in a weekend.
Next, I managed to get through all the Qwiklabs hands-on labs that were outlined below:
Security & Identity Fundamentals quest.
I always say, the best way to get experience, is through getting your hands dirty. Managed to get through almost all the labs after the Coursera courses. These were great, as I got to polish up on already familiar concepts and some new ones too.
Some really good reviewing material on GCP, specifically security related, is Matt Ulasien’s Google Cloud Security Essentials course. A great course that outlined all the necessities needed for this exam. I watched all the videos on my way to and from work on the subway, and did the quizzes at home to test my knowledge.
Of course I couldn’t go without flipping through all the documentation on this one. Google happens to have very impressive and extremely thorough documentation. Below are the documents I read in full, and highly recommend you sit and read them for this exam:
Google Infrastructure Security Design Overview – Some good overview on all layers of security
Google Platform Customer Responsibility Matrix – Responsibility of the customer and GCP
Cloud Data Loss Prevention (DLP) – Quite a few questions on the exam on this. Know what it does and its features. Got a couple questions on regex infoType detector and when to use it over DLP.
Virtual Private Cloud (VPC) – This comes up quite a lot in the exam. Know all the concepts described in the docs. Specifically the connection differentiators: VPC Peering, Shared VPC, inter-VPC communication, Cloud Interconnect, Cloud VPN, Network tags and firewall configurations.
Compliance – Although PII comes up quite frequently, there are questions that ask about PCI and a few on ISO 2700X standards. Know what resources support these compliance standards.
Resource Manager, Cloud Identity and IAM – Know Organizations, folders and projects. Resource hierarchy, constraints and policies, and what trumps the other. IAM questions are based on users, groups and service accounts. Know when to use each of them. Quite a few questions on this topic.
Identity Aware Proxy (IAP) – Questions on access came with regards to App Engine and GKE. As well as limiting application access from employees. Know it in depth.
Application Layer Transport Security (ALTS) – Noticed a question (or 2) about this. Know what it is and what it does.
Forseti – High level understanding is sufficient.
Cloud Armor – and how to avoid DDoS attacks
Cloud Security Command Center – High level understanding is sufficient.
This exam had a 4-hour time limit on it, comprising 113 questions. I managed to finish it in just over 2 hours with another 20 min to go over the questions I had marked for review. I found the exam just as difficult as the AWS Security Specialty Exam. It was a bit long, very challenging but lots of fun. I found the questions to be fair and not overly wordy. Just straight to the point. Questions can really bog you down, especially if you’re not sure which resources do what. Hence why studying is a must, unless you’ve worked with GCP deeply for the past few years. Mind you, I did not have a ton of experience going into this exam, but most of the concepts were similar to AWS and with 4 years on the platform, I felt pretty comfy with what was given.
I think Google did a great job on this exam and am looking forward to other people’s review of the exam. I’m hoping that these questions stay on the GA release, as they were all great exam questions, but only time will tell.
If you’ve taken it, let me know your thoughts, below.