GCLD
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

GCLD

The GCLD certification teaches IT professionals intermediate-level cloud security, covering fundamentals, AWS and Azure controls, identity and access management, and logging/monitoring to protect workloads and meet compliance.

120 Minutes
75 Questions
64/100 Passing Score
$979 Exam Cost

Who Should Take This

Mid-level system administrators, security analysts, or cloud engineers with basic IT experience and introductory cloud exposure should pursue GCLD to deepen their defensive security skills across AWS and Azure, enable effective governance and compliance reporting, and align security practices with industry standards.

What's Covered

1 Cloud Computing Fundamentals and Security Models
2 AWS Security
3 Azure Security
4 Cloud Identity and Access Management
5 Cloud Logging and Monitoring
6 Cloud Network Security
7 Cloud Compliance and Governance

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

67 learning goals
1 Cloud Computing Fundamentals and Security Models
3 topics

Cloud service and deployment models

  • Describe cloud service models (IaaS, PaaS, SaaS) including the compute, storage, and networking resources each model abstracts, and identify representative services from AWS and Azure for each service model category.
  • Describe cloud deployment models (public, private, hybrid, multi-cloud) including their risk profiles, data residency implications, connectivity requirements, and typical organizational use cases for each deployment approach.
  • Compare cloud service model security responsibilities to determine which security controls are customer-managed versus provider-managed for IaaS, PaaS, and SaaS deployments across different resource types and compliance requirements.

Shared responsibility and cloud security frameworks

  • Describe the shared responsibility model for cloud security including how responsibility boundaries shift between provider and customer across IaaS, PaaS, and SaaS, and which security domains (network, OS, data, identity) each party controls.
  • Identify cloud security frameworks including CSA Cloud Controls Matrix (CCM), NIST SP 800-144 (Cloud Computing Guidelines), CIS Benchmarks for AWS/Azure, and the MITRE ATT&CK Cloud Matrix and their role in structuring cloud security programs.
  • Apply the shared responsibility model to evaluate a cloud deployment's security posture by mapping security controls to responsibility boundaries and identifying gaps where neither provider nor customer has implemented adequate protections.

Cloud-native architecture security

  • Describe cloud-native architecture patterns including microservices, serverless functions, container workloads, managed databases, and event-driven architectures, and identify the security considerations unique to each pattern.
  • Evaluate the security implications of migrating traditional workloads to cloud-native architectures by assessing changes in attack surface, new trust boundaries, and the shift from perimeter-based to identity-centric security models.
2 AWS Security
4 topics

AWS Identity and Access Management

  • Describe AWS IAM components including users, groups, roles, policies (managed, inline, resource-based), permission boundaries, and the policy evaluation logic that determines allow/deny decisions for API requests.
  • Implement AWS IAM least privilege policies by creating custom IAM policies with specific resource ARNs, action restrictions, and condition keys (aws:SourceIp, aws:RequestedRegion, aws:PrincipalOrgID) to limit access to required operations only.
  • Implement AWS IAM roles for cross-account access and service-to-service authentication using AssumeRole, external ID conditions, and role trust policies to enable secure delegation without sharing long-term credentials.
  • Analyze AWS IAM policy configurations to identify overly permissive policies, unused access keys, roles with excessive trust relationships, and missing MFA requirements using IAM Access Analyzer and credential reports.

AWS storage and data security

  • Describe S3 security controls including bucket policies, ACLs, Block Public Access settings, S3 Object Lock, server-side encryption options (SSE-S3, SSE-KMS, SSE-C), and versioning for data protection and access control.
  • Implement S3 bucket security by configuring Block Public Access at the account level, enabling SSE-KMS encryption with customer-managed keys, applying bucket policies with explicit deny statements, and enabling access logging.
  • Implement AWS KMS key management by creating customer-managed keys with appropriate key policies, configuring key rotation, managing grants for cross-service encryption, and using key aliases for operational management.
  • Analyze S3 bucket exposure risks by evaluating public access settings, bucket policy statements, ACL configurations, and cross-account access patterns to identify misconfigured buckets and recommend remediation actions.

AWS network security

  • Describe AWS VPC security components including subnets (public/private), security groups (stateful), network ACLs (stateless), route tables, internet gateways, NAT gateways, and VPC endpoints for controlling network traffic flow.
  • Implement VPC security by configuring security groups with least-privilege ingress/egress rules, deploying network ACLs for subnet-level protection, enabling VPC Flow Logs for traffic monitoring, and using VPC endpoints for private AWS service access.
  • Evaluate AWS network architecture security by reviewing security group rules, NACL configurations, route table entries, and VPC peering connections to identify overly permissive network access, missing segmentation, and potential lateral movement paths.

AWS logging and threat detection

  • Describe AWS security logging services including CloudTrail (API activity), VPC Flow Logs (network traffic), S3 access logs, CloudWatch Logs, and GuardDuty (threat detection) and the security monitoring capability each provides.
  • Implement AWS CloudTrail with multi-region trail configuration, S3 log delivery with encryption, CloudWatch Logs integration for real-time alerting, and log file validation to establish comprehensive API activity monitoring.
  • Implement AWS GuardDuty enablement with finding types configuration, SNS notification integration, and automated remediation triggers using EventBridge rules to detect and respond to unauthorized activity and compromised instances.
  • Analyze AWS CloudTrail logs to investigate security incidents by querying for unauthorized API calls, IAM credential compromise indicators, resource configuration changes, and console login anomalies using Athena or CloudTrail Lake.
3 Azure Security
3 topics

Microsoft Entra ID and identity management

  • Describe Microsoft Entra ID (Azure AD) components including tenants, users, groups, service principals, managed identities, app registrations, and the relationship between Entra ID and Azure resource access control.
  • Implement Azure RBAC by assigning built-in roles (Owner, Contributor, Reader) at appropriate scopes (management group, subscription, resource group, resource), creating custom role definitions, and using deny assignments for restrictions.
  • Implement Entra ID Conditional Access policies to enforce MFA requirements, device compliance checks, location-based access restrictions, and risk-based authentication decisions for cloud resource access control.
  • Analyze Entra ID sign-in logs and audit logs to investigate suspicious authentication activity, identify compromised accounts, detect impossible travel scenarios, and assess the effectiveness of Conditional Access policies.

Azure network and resource security

  • Describe Azure networking security components including Virtual Networks, NSGs (Network Security Groups), ASGs (Application Security Groups), Azure Firewall, Azure DDoS Protection, and Private Endpoints for service access isolation.
  • Implement Azure NSG rules to control inbound and outbound traffic at the subnet and NIC level, configure ASGs for application-centric network segmentation, and enable NSG flow logs for network traffic visibility and analysis.
  • Implement Azure resource security using Azure Policy to enforce organizational standards, configure resource locks to prevent accidental deletion, and apply tags for governance and cost tracking across subscriptions.
  • Evaluate Azure network architecture security by reviewing NSG rules, route tables, service endpoint configurations, and private endpoint deployments to identify exposure risks and recommend network segmentation improvements.

Azure monitoring and threat detection

  • Describe Azure security monitoring services including Azure Monitor, Microsoft Defender for Cloud (security posture management, threat protection), Microsoft Sentinel (SIEM/SOAR), and Azure Activity Log for security event visibility.
  • Implement Microsoft Defender for Cloud by enabling enhanced security features, configuring security recommendations, enabling just-in-time VM access, and setting up security alerts for anomalous resource activity across Azure subscriptions.
  • Implement Azure diagnostic logging by configuring Activity Log retention, enabling resource diagnostic settings, routing logs to Log Analytics workspace, and creating KQL (Kusto Query Language) queries for security event investigation.
  • Analyze Azure security alerts and Defender for Cloud recommendations to prioritize remediation, investigate potential security incidents, and assess the overall security posture improvement trajectory across Azure resources.
4 Cloud Identity and Access Management
3 topics

Federated identity and SSO

  • Describe federated identity protocols including SAML 2.0, OpenID Connect (OIDC), and OAuth 2.0, explaining assertion/token flows, identity provider versus service provider roles, and how each protocol enables single sign-on for cloud services.
  • Implement SAML-based federation between an identity provider and cloud services to enable SSO, configure attribute mapping for role-based access, and establish trust relationships using metadata exchange and certificate validation.
  • Evaluate federation architecture security by assessing token lifetime configurations, replay attack protections, session management policies, and the blast radius of identity provider compromise on connected cloud services.

Multi-factor authentication and credential security

  • Describe multi-factor authentication mechanisms for cloud platforms including TOTP apps, FIDO2 hardware keys, SMS/phone verification, and push notification approval, and compare their phishing resistance and usability tradeoffs.
  • Implement MFA enforcement across AWS and Azure by configuring IAM policies requiring MFA for sensitive operations, enabling Entra ID Conditional Access MFA requirements, and establishing MFA for root/global admin accounts.
  • Implement cloud credential hygiene by configuring access key rotation policies, establishing service account key management procedures, enabling secrets management (AWS Secrets Manager, Azure Key Vault), and preventing credential exposure in code repositories.
  • Analyze cloud identity attack scenarios including credential stuffing, token theft, consent phishing, and privilege escalation to determine appropriate preventive controls and detection mechanisms for each attack vector.

Least privilege and access governance

  • Describe least privilege principles for cloud environments including just-in-time access, just-enough-access, permission boundaries, and access review processes that reduce standing privileges and limit blast radius of compromised accounts.
  • Implement access review workflows using AWS IAM Access Analyzer and Azure Entra ID Access Reviews to identify unused permissions, stale accounts, and excessive access grants for periodic privilege reduction and compliance reporting.
5 Cloud Logging and Monitoring
2 topics

Centralized logging architecture

  • Describe centralized cloud logging architecture patterns including log aggregation across accounts/subscriptions, immutable log storage, log retention policies, and cross-cloud log correlation for organizations using multi-cloud deployments.
  • Implement centralized log collection by routing AWS CloudTrail and VPC Flow Logs to a dedicated security account S3 bucket with cross-account access, and Azure Activity Logs to a central Log Analytics workspace using diagnostic settings.
  • Evaluate logging architecture completeness by identifying gaps in log coverage, assessing log retention adequacy for compliance and investigation needs, and recommending improvements to achieve comprehensive security event visibility.

Security monitoring and alerting

  • Implement cloud security alerting by creating CloudWatch alarms for unauthorized API calls, configuring Azure Monitor alert rules for suspicious sign-in activity, and establishing notification channels (SNS, email, webhook) for security events.
  • Implement SIEM integration for cloud security by forwarding cloud logs to Splunk, Elastic, or Microsoft Sentinel, creating correlation rules for multi-source detection, and establishing incident response playbooks for common cloud attack patterns.
  • Analyze cloud security monitoring effectiveness by evaluating detection coverage for common cloud attack techniques (credential compromise, data exfiltration, resource hijacking), measuring alert fidelity, and recommending detection rule improvements.
6 Cloud Network Security
3 topics

Network segmentation and isolation

  • Describe cloud network segmentation strategies including VPC/VNet design patterns, subnet segmentation by function (public, private, data), micro-segmentation using security groups, and zero-trust network architecture principles for cloud environments.
  • Implement cloud network isolation using VPC peering with restrictive route tables, PrivateLink/Private Endpoints for service access without internet exposure, and transit gateway architectures for centralized network connectivity management.
  • Evaluate cloud network segmentation effectiveness by analyzing traffic flow patterns, identifying unnecessary cross-segment connectivity, and recommending isolation improvements to reduce lateral movement risk within cloud environments.

Web application and API security

  • Describe cloud web application security services including AWS WAF, Azure WAF, CloudFront/Azure CDN security features, API Gateway authentication/throttling, and DDoS protection services for protecting internet-facing cloud workloads.
  • Implement cloud WAF protection by deploying AWS WAF or Azure WAF with managed rule sets (OWASP Top 10), custom rate limiting rules, geo-blocking, and IP reputation filtering to protect web applications from common attack vectors.
  • Analyze cloud WAF logs and API Gateway access logs to identify attack patterns, tune WAF rules to reduce false positives while maintaining protection, and assess the effectiveness of web application security controls against observed threats.

DNS and CDN security

  • Describe cloud DNS security features including Route 53/Azure DNS DNSSEC support, DNS query logging, DNS firewall capabilities, and CDN-based TLS termination with managed certificate provisioning for secure content delivery.
  • Implement cloud DNS security by configuring DNS query logging for visibility, enabling Route 53 Resolver DNS Firewall to block known malicious domains, and deploying managed TLS certificates through ACM or Azure App Service certificates.
7 Cloud Compliance and Governance
3 topics

Cloud compliance frameworks and standards

  • Describe major compliance frameworks applicable to cloud environments including SOC 2 Type II, HIPAA, PCI DSS, GDPR, FedRAMP, and ISO 27001, and identify which security controls each framework requires for cloud-hosted data and applications.
  • Implement CIS Benchmark compliance checks for AWS and Azure using AWS Config rules, Azure Policy definitions, and cloud security posture management tools (Prowler, ScoutSuite) to assess and enforce hardening standards automatically.
  • Analyze compliance gaps across cloud environments by mapping current security controls to regulatory requirements, identifying unmet control objectives, and prioritizing remediation based on risk severity and compliance deadlines.

Cloud security posture management

  • Describe cloud security posture management (CSPM) concepts including continuous configuration assessment, drift detection, misconfiguration identification, and risk scoring across multi-cloud environments using tools like AWS Security Hub and Defender for Cloud.
  • Implement cloud security posture management by enabling AWS Security Hub with CIS Foundations standard, configuring Defender for Cloud Secure Score tracking, and establishing automated remediation for critical misconfiguration findings.
  • Evaluate cloud security posture trends by analyzing Secure Score progression, misconfiguration recurrence patterns, and remediation SLA adherence to assess the maturity and effectiveness of the cloud security governance program.

Multi-account and subscription governance

  • Describe multi-account/subscription governance patterns including AWS Organizations with SCPs, Azure Management Groups with Policy inheritance, and the account/subscription segmentation strategies for isolating workloads by environment, team, or compliance boundary.
  • Implement multi-account governance by configuring AWS Organizations SCPs to enforce security guardrails, setting up Azure Management Group policy assignments for subscription-wide controls, and establishing a centralized security account/subscription pattern.
  • Evaluate multi-account governance effectiveness by assessing SCP/Policy coverage gaps, identifying accounts/subscriptions operating outside governance controls, and recommending organizational structure improvements for comprehensive security baseline enforcement.

Scope

Included Topics

  • All domains covered by the GIAC Cloud Security Essentials (GCLD) certification aligned with SANS SEC488: Cloud Security Essentials.
  • Cloud computing fundamentals including IaaS, PaaS, SaaS service models, shared responsibility model, multi-tenancy, cloud deployment models (public, private, hybrid, multi-cloud), and cloud-native architecture patterns.
  • AWS security fundamentals including IAM (users, groups, roles, policies), S3 bucket security (ACLs, bucket policies, encryption), VPC security (security groups, NACLs, flow logs), CloudTrail logging, and GuardDuty threat detection.
  • Azure security fundamentals including Microsoft Entra ID (Azure AD), network security groups (NSGs), role-based access control (RBAC), Azure Policy, Azure Monitor, and Microsoft Defender for Cloud.
  • Cloud identity and access management including federated identity (SAML, OIDC), multi-factor authentication, least privilege policies, service accounts, temporary credentials, and cross-account/cross-tenant access patterns.
  • Cloud logging, monitoring, and detection including centralized log aggregation, cloud-native SIEM integration, security alerting, compliance monitoring, and incident detection using cloud provider security services.
  • Cloud network security including virtual private clouds/networks, network segmentation, load balancer security, DNS security, CDN security, API gateway security, and private connectivity (PrivateLink, Private Endpoints).
  • Cloud compliance and governance including CIS Benchmarks for cloud, CSA Cloud Controls Matrix, regulatory frameworks (SOC 2, HIPAA, GDPR, PCI DSS) applied to cloud environments, and cloud security posture management (CSPM).

Not Covered

  • Advanced cloud penetration testing and red team techniques that require offensive security depth beyond defensive security essentials.
  • Deep cloud-native application development practices and CI/CD pipeline engineering not directly related to security configuration.
  • Container orchestration administration (Kubernetes cluster management) beyond security-relevant configuration and monitoring.
  • Cloud architecture design at the Solutions Architect level requiring multi-year experience with complex distributed system design.
  • Vendor-specific CLI command memorization and SDK programming interfaces beyond security-relevant configuration examples.

Official Exam Page

Learn more at GIAC Certifications

Trademark Notice

GIAC® is a registered trademark of Global Information Assurance Certification (a subsidiary of the SANS Institute). GIAC does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.