- Evaluation of cloud service provider similarities, differences, challenges, and opportunities
- Planning, deploying, hardening, and securing single and multi-cloud environments
- Basic cloud resource auditing, security assessment, and incident response
Who is GCLD for?
- Security engineers
- Security analysts
- System administrators
- Risk managers
- Security managers
- Security auditors
- Anyone new to the cloud
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 61%
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Attacking the Cloud and Responding to Intrusions The candidate will demonstrate a basic understanding of the overall process and considerations when conducting a penetration test or responding to an incident involving public cloud resources.
- Cloud Account Fundamentals The candidate will demonstrate an understanding of cloud identity fundamentals and access management principles. The candidate will show familiarity of security best practices to control access to a cloud environment using each identity type.
- Cloud Automation The candidate will demonstrate a basic understanding of provisioning and managing cloud infrastructure using Infrastructure as Code. The candidate will demonstrate familiarity with using automation practices to support continuous and repeatable evaluation tasks.
- Cloud Logging Fundamentals The candidate will demonstrate familiarity with cloud logging capabilities and methods to collect logs in a way to facilitate utility and dissemination.
- Cloud Networking Technology The candidate will demonstrate knowledge of fundamental network security concepts and the implementation of these principles using cloud resources.
- Containers and Cloud Storage The candidate will demonstrate familiarity with serverless compute resources, container technologies, and how each can be orchestrated to achieve elasticity. The candidate will demonstrate familiarity with cloud storage options and how to architect these resources securely.
- Discovering and Storing Sensitive Data The candidate will demonstrate an understanding of data security considerations in a multi-tenant environment and how to configure and monitor cloud resources to deter data leakage using encryption and data loss prevent strategies.
- External access and IAM Best Practices The candidate will demonstrate an understanding of the security considerations when integrating 3rd party services with a cloud environment and the proper steps to evaluate the resilency of the integration configuration.
- Frameworks for Built-in Security The candidate will demonstrate an understanding of system development life cycles and AppSec frameworks to create a baseline configuration with security built-in. The candidate will demonstrate familiarity with continuous integration and continuous deployment.
- Network Security Monitoring in the Cloud The candidate will demonstrate basic knowledge of the collection and interpretation of network flow data and packet capturing using cloud resources. The candidate will demonstrate familiarity with using network security monitoring practices to enhance detection and response capabilities in the cloud.
- Risk Management and Compliance The candidate will demonstrate an understanding of regulatory, compliance, security assurance, and risk management requirements and the best practices and frameworks for addressing these considerations.
- Secrets Management The candidate will demonstrate knowledge of the responsibilities and capabilities to securing user secrets. The candidate will demonstrate familiarity of the integration process for a variety of authentication mechanisms in a cloud environment.
- Secure Compute Deployment The candidate will demonstrate fundamental knowledge of resource allocation and image evaluation when deploying cloud compute resources. The candidate will demonstrate the ability to maintain the compute resource attack surface through automation practices and patch management.
- Securing Cloud Networks The candidate will demonstrate an understanding of network isolation and remote access. The candidate will demonstrate fundamental knowledge of common attacks against cloud resources and best practices to protect against them.
- Understanding Shared Responsibility and Threat Informed Defense The candidate will demonstrate basic knowledge of using the practice of threat modeling to architect threat informed defenses for cloud resources. The candidate will demonstrate an understanding of the various service delivery models and shared responsibility for each when using a public cloud service.
- Using Sensitive Data The candidate will demonstrate an understanding of cloud resource elasticity and high availability functionality. The candidate will demonstrate fundamental knowledge of securing data in transit between cloud resources and application users.
- Training is available in a variety of modalities including live training and OnDemand.
- Practical work experience can help ensure that you have mastered the skills necessary for certification.
- College level courses or self paced study through another program or materials may meet the needs for mastery.
- Get information about the procedure to contest exam results.