Security & Identity Fundamentals
Fundamental 7 Steps 6 hours 35 Credits
Security is an uncompromising feature of Google Cloud Platform services, and GCP has developed specific tools for ensuring safety and identity across your projects. In this fundamental-level quest, you will get hands-on practice with GCP’s Identity and Access Management (IAM) service, which is the go-to for managing user and virtual machine accounts. You will get experience with network security by provisioning VPCs and VPNs, and learn what tools are available for security threat and data loss protections.
Prerequisites:Although this quest will teach you the fundamentals of Identity and Access Management (IAM) and Security in GCP, you will still need hands-on experience with the platform's core tools and services. It is recommended that the student have at least earned a Badge by completing the GCP Essentials and/or the Baseline: Infrastructure Quests before beginning.
Cloud IAM provides the right tools to manage resource permissions with minimum fuss and high automation. You don't directly grant users permissions. Instead, you grant them roles, which bundle one or more permissions. This allows you to map job functions within your company to groups and roles.
In this hands-on lab, you will learn how to create and manage Service Accounts
CFT Scorecard is a utility you can combine with Forseti policies to check for violations in your Google Cloud environment.
Google Cloud Platform (GCP) Virtual Private Cloud (VPC) Network Peering allows private connectivity across two VPC networks regardless of whether or not they belong to the same project or the same organization.
Learn how to restrict access selected authenticated users with Identity-Aware Proxy without special programming. Discover how to retrieve user identity information from IAP.
In this lab you'll work with advanced features of Google Cloud Security and Privacy APIs, including setting up a secure Cloud Storage bucket, managing keys and encrypted data using Key Management Storage, and viewing Cloud Storage audit logs.
Hands-on lab for creating a private cluster in the cloud environment. In a private cluster, nodes do not have public IP addresses, so your workloads run in an environment that is isolated from the Internet. Prerequisites: Experience with Kubernetes Clusters, and CIDR-range IP address.