Skip to main content


Showing posts from January, 2023

Google Professional Cloud Security Engineer Exam Prep notes - Part 2

   This blog covers review notes for logging, DNS security & Google Cloud web Security Scanner Service 1. Aggregated sinks Sinks can be constructed with the "includeChildren" parameter set to "True" for cloud organisation / folders. The logs from these organizations , folders , projects or billing accounts can be routed to these sinks. 2. DNS security extension DNS Security Extensions (DNSSEC) is the security protocol that enables authentication of DNS data. It is a DNS protocol extension that adds an additional degree of security by enabling users to digitally sign their DNS records, making it more challenging for attackers to tamper with DNS data. Customers can enable DNSSEC on Google Cloud's Cloud DNS service to safeguard their domains from unauthorized alterations. 3. Google Cloud web Security Scanner Service To find common vulnerabilities in web applications, such as those listed in the OWASP Top 10, customers can use the Google cloud web security sca

Google Professional Cloud Security Engineer Exam Prep notes - Part 1

Key points to review before the exam about firewalls, container best practices and DDoS protection 1. Firewall default rules: Following rules are created with lowest priority and will be applicable if not overridden by a higher priority rule All default outbound traffic is allowed (Refer the following document for exceptions: All ingress traffic is blocked 3. Container best practices: Package single app or piece of software as a container. An application with unique parent process but different possible child processes qualifies for this Run a PID1 and register Signal handlers Enable process namespace sharing in Kubernetes Use a specialized init system Optimize for Docker build cache Remove unnecessary tools Build the smallest image possible using the smallest base image, creating images with common layers and reducing clutter Enable image scanning for vulnerability Tag images using options like semantic versioning and Git c

Blogs in - 2022

Do checkout some of  my blogs that I published in in 2022 in Google Cloud Community Google Cloud DevOps Series : Google Cloud compute options for Kubernetes This is a blog series on Google Cloud DevOps , and how Devops is done the Google way. I have authored Part 2 of the blog series that talks about Compute options for Kubernetes Google Cloud Anthos Series : Anthos Multi-Cluster Ingress This is a blog series on Google Cloud Anthos and how it can help scale your applications transcending geographic and cloud boundaries. I have authored Part 6 of this blog series that explains how Multi-Cluster Ingress can be enabled for Anthos SAP on Google Cloud Series : The fundamentals This is a blog series that focusses on the constructs of hosting SAP workloads on Google cloud. I have authored Part 1 of the  blog series that covers the fundamentals of SAP on Google cloud