Google Cloud Certified: Professional Cloud Security Engineer exam and prep

| Nov 11, 2023
Google Cloud Certified: Professional Cloud Security Engineer exam and prep

Introduction

I recently managed to pass the Google Cloud Certified: Professional Cloud Security Engineer exam.

In my last post, I talked about the learning journey - this post will cover what I did to prep for the exam after completing those courses and my experience of the exam itself.

Preparation

As I mentioned in my previous post, I went on a GCP journey when I secured a new role in a new employer, one who is Multi-Cloud and uses GCP as well as Azure, where my cloud journey learning had been focussed so far.

I then went through many weeks of learning and study on the Get GCP Certified program.

Fast forward through my 12 weeks notice period (and it really DID go by FAAAAAAST!), I finished up at my previous employer and crammed for 2 days on the Microsoft Certified Cybersecurity Architect Expert exam - which I passed!

The last day I could take the GCP PCSE exam using the free exam voucher from the program was 30th September so I had booked the exam for 29th September - giving myself a breather on study while I got up to speed in my new role and new employer.

2 weeks ahead of the exam I resumed study for the exam by:

  • Rewatching the recordings of the weekly sessions with the instructor
  • Reading the reference material he’d shared each week
  • Watching the reference videos he’d shared each week
  • Taking the prep questions he’d shared each week and where I got a question wrong, spending time reading up on that area in detail
  • Took the Google provided Sample Questions and again where I didn’t fare well, spend time reading up more in that area

Focus Areas

Obviously, pay keen attention to the Exam Guide from Google.

Couple of pointers from me:

  1. Unlike Microsoft exams, there are only 2 question types:

    1. Multiple Choice Single Answer
    2. Multiple Choice Multiple Answer

  2. There are no case studies (Good and bad - no pictures or diagrams, 100% text so if you can’t visualise that’s tough but I can so so I didn’t find that to be a problem)

  3. There are no “Ask you the same thing on several questions in a row with different answer choices, where none of the choices being correct is possible” - often referred to as “Repeated Answer choices”

  4. There are no labs

  5. There were 45 questions in an allotted time of 2 hours

  6. Strong focus on Encryption (GMEK, CMEK, CSEK, KMS, CEKM)

  7. Lots of focus on DLP

  8. Focus on VPCs (when to use Shared VPC vs VPC Peering, use of VPC Service Control Perimiters etc)

  9. Lots of focus on trusted image policies

  10. Focus on Organisation Policies

  11. Keen focus on IAM, GCDS (including how to set it up), ADFS federation, Workload Identity, Workload Identity Federation

  12. More on Security Command Center than I expected including differences in capability by SKU - think I blagged those if I am honest!

  13. Lots on Cloud Armor, Identity-Aware Proxy(IAP)

  14. Way less on load balancing than I expected

General Preparation

A couple of takeaways though that I think are relevant for all exams:

  1. Read the exam outline thoroughly.

  2. Use any practice tests that you can get access to.

  3. After each practice test, review the areas you didn’t do as well in - spend extra time studying up in those areas before further practice tests and the exam itself.

  4. Take your time - whilst you don’t want to run out of time in the exam, you don’t want to answer a question incorrectly because you misread the question.

  5. Read each question thoroughly - certain key words will lead you away from obvious wrong answers so even if you don’t know 100%, you can probably deduce a likely correct answer - for example, if you are asked how to redact sensitive PII information in text, three of the answers refer to using the Cloud Vision API (which detects and extracts text from images) while the remaining answer refers to using the Cloud Data Loss Prevention API which can detect and transform sensitive data in text - hopefully the correct answer is clear.

  6. This sounds like a contradiction but don’t spend too long on any one question and run out of time. I have a tactic for that…

  7. Mark every question for review as soon as the question loads. At the end of a section, you’ll be given the chance to review and change your answers on the questions you marked for review. So those ones that were irking you, you can come back to once you’ve answered every question in that section. Again don’t spend too long, the clock is still running.

Summary

I’m really pleased to have passed this (unlike Microsoft, with Google you don’t get a score - only pass or fail) - especially given the other things I was juggling in my life with a new job, new employer and also last minute cramming for and passing of a Microsoft exam too.

To me this also reinforces another point I don’t think is made often enough - you are often much better, and much more knowledgeable, than you know, or give yourself credit for!

I hope these posts are useful to you but if you have questions, please either comment below, email me or reach out to me on the many social platforms.

If you like what I do and appreciate the time and effort and expense that goes into my content you can always Buy Me a Coffee at ko-fi.com

comments powered by Disqus