Cloud
Google Cloud (GCP) — fundamentals
Projects, IAM, Compute/Storage, Security Command Center, Workload Identity.
- 01 · 11 min · Organization, projects and folders · intro
The resource hierarchy in Google Cloud: organization, folders, projects — and how IAM policies are inherited and how ZEUS reads this structure.
- 02 · 13 min · IAM and service accounts · core
The IAM model in GCP: members, roles and bindings, the difference between basic and predefined roles, and service accounts and the risk of keys.
- 03 · 12 min · Compute Engine and Cloud Storage · core
Two fundamental GCP services: Compute Engine virtual machines and Cloud Storage object storage — with their security controls.
- 04 · 12 min · VPC networking and firewall · core
Networking in GCP: global VPCs, regional subnets, firewall rules and Private Google Access — with an emphasis on secure segmentation.
- 05 · 13 min · Security Command Center and Workload Identity · advanced
Two key GCP security services: Security Command Center (central posture and threat detection) and Workload Identity (keyless access).
- 06 · 14 min · How ZEUS reads GCP (Workload Identity, Asset Inventory, Security Command Center) · advanced
The full anatomy of the ZEUS connector to GCP: secretless authentication via Workload Identity, inventory via Asset Inventory, and reading from SCC.
Check your knowledge — quiz
5 questions · pass mark 80%. Score saved locally.
1. In the GCP resource hierarchy, how do IAM policies set at the organization or folder level behave?
2. Why do ZEUS and Google recommend Workload Identity Federation instead of service account JSON keys?
3. Which GCP IAM roles are too broad, so that ZEUS flags their misuse as a finding?
4. How does a VPC network in GCP differ from the model known from AWS and Azure?
5. From which source does ZEUS pull a complete inventory of resources and policies with a single organization-level query?