Use this quick start guide to collect all the information about GIAC GCSA Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Cloud Security Automation (GCSA) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Cloud Security Automation (GCSA) certification exam.
The GIAC GCSA certification is mainly targeted to those candidates who want to build their career in Cloud Security domain. The GIAC Cloud Security Automation (GCSA) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GCSA.
GIAC GCSA Exam Summary:
| Exam Name | GIAC Cloud Security Automation (GCSA) |
| Exam Code | GCSA |
| Exam Price | $979 (USD) |
| Duration | 120 mins |
| Number of Questions | 75 |
| Passing Score | 61% |
| Books / Training | SEC540: Cloud Security and DevSecOps Automation |
| Schedule Exam | Pearson VUE |
| Sample Questions | GIAC GCSA Sample Questions |
| Practice Exam | GIAC GCSA Certification Practice Exam |
GIAC GCSA Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Microservice Security |
- The candidate will demonstrate an understanding of microservice architecture and implementation in a DevOps environment. The candidate will show familiarity with the architecture's attack surface and appropriate security controls used in various architectural designs and conditions.
|
| Automated Remediation |
- The candidate wil show familiarity with event-based monitoring systems, alerting and security automation tools, and cloud management tools like Cloud Custodian.
|
|
Compliance as Code
|
- The candidate will demonstrate an understanding of the Secure DevOps auditing controls and how to leverage automated scanners to automate policy requirements.
|
| Configuration Management as Code |
- The candidate will demonstrate an understanding of managing infrastructure using programmable configuration management toolsets. The candidate will demonstrate an understanding of the new attack surfaces presented by CI, CD, and CM tools and familiarity with techniques for how to harden these tools.
|
|
Container Security
|
- The candidate will demonstrate an understanding of container security issues, hardening containerized environments, container orchestration tools, and running these workloads in the cloud.
|
|
Continuous Security Monitoring
|
- The candidate will demonstrate an understanding of what metrics and monitoring tools are needed to inform security efforts in cloud and DevOps environments. The candidate will show familiarity with how this data is collected, parsing log files, network collection, setting thresholds, and alerting the security team.
|
|
Deployment Orchestration and Secure Content Delivery
|
- The candidate will demonstrate an understanding of deployment patterns, such as canary and blue/green deployment processes, their benefits, and how to choose which approach is appropriate for a given situation. The candidate will demonstrate familiarity with the purposes and issues involved with using Content Delivery Networks (CDN). The candidate will show understanding of methods to safely bypass the Same Origin Policy, CDN configuration practices and issues, and demonstrate ways that access to CDN content can be controlled securely.
|
|
DevOps Fundamentals
|
- The candidate will demonstrate familiarity with Secure DevOps fundamentals and culture, including terminology, automation, cloud infrastructure integration, and security risks.
|
|
DevSecOps Security Controls
|
- The candidate will demonstrate an understanding of the DevOps deployment pipeline and security considerations for each step of the Continuous Delivery and Continuous Integration processes.
|
|
Kubernetes Security
|
- The candidate will demonstrate an understatnding of container runtimes and orchestrators, such as Kubernetes, and their security. The candidate will show familiarity with Kubernetes access control, namespaces, service accounts, secrets, and AWS and Azure Kubernetes Services, as well as container runtime security controls.
|
|
Runtime Security Protection
|
- The candidate will demonstrate an understanding of virtual patching in the cloud using Security as a Service, such as the Web Application Firewall. The candidate will demonstrate an understanding of how to configure those services to protect against common website attacks.
|
|
Secrets Administration
|
- The candidate will demonstrate an understanding of cloud secret keepers and vaults. The candidate will demonstrate an understanding of storing and retrieving sensitive data in these services.
|
|
Secure Infrastructure as Code
|
- The candidate will demonstrate an understanding of setting up and managing cloud infrastructure via code. The candidate will show familiarity with cloud provider and third-party tools used to manage cloud infrastructure resources.
|
|
Securing Cloud Architecture
|
- The candidate will demonstrate an understanding of securing cloud architecture using Continuous Integration / Continuous Deployment / Continuous Delivery pipelines. The candidate will show familiarity with Azure and AWS toolsets to track work items, code, test, build, and release, and how each stage is secured and automated.
|
|
Serverless Security
|
- The candidate will demonstrate familiarity with serverless architectures, their features, advantages, security concerns, and tactics for deploying effective security in serverless implementations.
|
To ensure success in GIAC GCSA certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Cloud Security Automation (GCSA) exam.