GPCS
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.



The GPCS certification trains security professionals to design, implement, and analyze multi-cloud security architectures in enterprise environments, covering advanced AWS and Azure security services, cloud workload protection, and container and Kubernetes security.

Exam format:

  • Duration: 120 minutes
  • Questions: 75
  • Passing score: 68/100
  • Exam cost: $979

Who Should Take This

The GPCS certification is intended for security engineers, cloud architects, and DevSecOps specialists who have at least three years of hands-on experience securing AWS and Azure environments. These professionals seek to validate advanced cloud-defense skills, master multi-cloud security service configuration, and differentiate themselves for senior security leadership roles.

What's Covered

  • Domain 1: Multi-Cloud Security Architecture
  • Domain 2: AWS Advanced Security Services
  • Domain 3: Azure Advanced Security Services
  • Domain 4: Cloud Workload Protection
  • Domain 5: Container and Kubernetes Security in Cloud
  • Domain 6: Cloud Security Posture Management

What's Included in AccelaStudy® AI

  • Adaptive Knowledge Graph
  • Practice Questions
  • Lesson Modules
  • Console Simulator Labs
  • Exam Tips & Strategy
  • 20 Activity Formats

Course Outline

62 learning goals

Domain 1: Multi-Cloud Security Architecture (3 topics)

Cloud Security Foundations

  • Identify the shared responsibility model differences between AWS and Azure including where provider responsibility ends and customer responsibility begins for IaaS, PaaS, and SaaS.
  • Describe the core identity and access management primitives in both AWS IAM and Azure AD including users, groups, roles, policies, and service principals.
  • Explain zero-trust architecture principles as applied to public cloud environments including identity verification, micro-segmentation, and least-privilege enforcement.
  • Configure cross-account and cross-subscription access delegation using AWS IAM roles with external IDs and Azure Lighthouse for centralized multi-tenant security management.

Multi-Cloud Network Security

  • Describe virtual network segmentation constructs, including AWS VPCs and Azure VNets with their subnets and route tables, for defense-in-depth isolation.
  • Implement network traffic filtering using AWS Security Groups and NACLs alongside Azure Network Security Groups and Application Security Groups for layered perimeter defense.
  • Configure private connectivity between cloud environments and on-premises networks using AWS Direct Connect and VPN alongside Azure ExpressRoute and VPN Gateway.
  • Analyze VPC flow logs and Azure NSG flow logs to detect anomalous network traffic patterns, unauthorized lateral movement, and data exfiltration attempts.

Encryption and Key Management

  • Describe encryption at rest and in transit mechanisms including AWS KMS envelope encryption, Azure Key Vault managed keys, and TLS enforcement across cloud services.
  • Implement customer-managed key policies in AWS KMS and Azure Key Vault including key rotation schedules, access policies, and cross-region replication for disaster recovery.
  • Evaluate the security tradeoffs between provider-managed keys, customer-managed keys, and customer-provided keys for data sovereignty and compliance requirements.

Domain 2: AWS Advanced Security Services (3 topics)

Threat Detection and Monitoring

  • Configure Amazon GuardDuty across multiple AWS accounts to detect reconnaissance, instance compromise, and credential exfiltration using threat intelligence feeds.
  • Implement AWS Security Hub with CIS AWS Foundations Benchmark and AWS Foundational Security Best Practices standards to aggregate and prioritize findings.
  • Configure AWS CloudTrail organization trails with log file validation and CloudWatch Alarms for real-time detection of unauthorized API activity.
  • Analyze GuardDuty finding types to differentiate between low-severity informational events and high-severity compromise indicators requiring immediate incident response.

Data Protection and Compliance

  • Configure Amazon Macie to discover and classify sensitive data in S3 buckets including PII, PHI, and financial data using managed and custom data identifiers.
  • Implement AWS Config rules and conformance packs to continuously evaluate resource configurations against organizational security policies and compliance standards.
  • Configure AWS IAM Access Analyzer to identify resources shared with external entities and validate IAM policies against security best practices.
  • Assess the effectiveness of combined Macie, Config, and Security Hub findings to build a comprehensive data protection posture for regulated workloads.

Web and Application Protection

  • Implement AWS WAF rules with managed rule groups and custom conditions to protect web applications against OWASP Top 10 threats including SQL injection and XSS.
  • Configure AWS Shield Advanced for DDoS protection with automatic application-layer mitigations and integration with AWS WAF rate-based rules.
  • Analyze AWS WAF logging data to identify attack patterns, tune rule effectiveness, and reduce false positive rates for production web applications.

Domain 3: Azure Advanced Security Services (3 topics)

Microsoft Sentinel and SIEM

  • Describe Microsoft Sentinel architecture including Log Analytics workspaces, data connectors, analytics rules, and playbooks for cloud-native SIEM and SOAR.
  • Configure Sentinel data connectors for Azure Activity Logs, Azure AD sign-in logs, Office 365, and AWS CloudTrail to centralize multi-cloud security telemetry.
  • Implement Sentinel analytics rules using KQL to detect brute-force attacks, impossible travel, and privilege escalation across Azure and hybrid environments.
  • Evaluate Sentinel incident severity, correlate alerts from multiple data sources, and assess whether detected activity represents true compromise or benign behavior.

Microsoft Defender for Cloud

  • Describe Defender for Cloud secure score methodology, security recommendations, and coverage plans for servers, storage, databases, containers, and app services.
  • Configure Defender for Cloud workload protection plans including Defender for Servers, Defender for Storage, and Defender for Key Vault across Azure subscriptions.
  • Implement Azure Policy initiatives to enforce regulatory compliance standards including CIS, NIST 800-53, and PCI DSS across resource groups and subscriptions.
  • Analyze Defender for Cloud security alerts to prioritize remediation, identify attack kill chain stages, and correlate findings with Sentinel incidents.

Azure Identity and Conditional Access

  • Describe Azure AD Conditional Access policy components including assignments, conditions, grant controls, and session controls for adaptive access decisions.
  • Implement Conditional Access policies enforcing multi-factor authentication, compliant device requirements, and location-based restrictions for cloud application access.
  • Configure Azure AD Privileged Identity Management to enforce just-in-time access, approval workflows, and access reviews for administrative roles.
  • Evaluate Azure AD sign-in and audit logs to detect compromised accounts, assess Conditional Access policy effectiveness, and identify gaps in identity protection coverage.

Domain 4: Cloud Workload Protection (2 topics)

Compute Workload Security

  • Describe cloud workload protection platform capabilities including vulnerability assessment, file integrity monitoring, adaptive application control, and runtime threat detection.
  • Implement Amazon Inspector for automated vulnerability scanning of EC2 instances and Lambda functions with integration into Security Hub for centralized finding management.
  • Configure AWS Systems Manager Patch Manager to automate OS and application patching across fleets of EC2 instances with maintenance windows and compliance reporting.
  • Compare workload protection approaches between agent-based scanning, agentless scanning, and cloud-native API-based assessment for different deployment models.

Serverless and Managed Service Security

  • Identify security considerations unique to serverless architectures including function permission scoping, event injection, and dependency vulnerabilities in Lambda and Azure Functions.
  • Apply least-privilege IAM policies to Lambda execution roles and Azure Function managed identities limiting access to only required downstream resources.
  • Assess the attack surface reduction achieved by serverless versus traditional VM-based workloads considering shared responsibility, patching burden, and runtime exposure.

Domain 5: Container and Kubernetes Security in Cloud (3 topics)

Container Image and Registry Security

  • Describe container image security best practices including minimal base images, multi-stage builds, non-root execution, and read-only file systems.
  • Implement container image scanning in Amazon ECR and Azure Container Registry to detect OS and application-dependency vulnerabilities before deployment.
  • Configure image signing and verification using AWS Signer or Notary to enforce supply chain integrity and prevent deployment of unsigned container images.

Kubernetes Cluster Security

  • Describe Kubernetes security primitives including RBAC, Pod Security Standards, network policies, secrets management, and admission controllers.
  • Implement Kubernetes RBAC policies in EKS and AKS clusters to restrict namespace-level access for development teams and CI/CD service accounts.
  • Configure Kubernetes network policies to enforce pod-to-pod communication restrictions and microsegmentation within cluster namespaces.
  • Implement Pod Security Standards at the namespace level using built-in admission controllers to enforce restricted, baseline, or privileged profiles.
  • Evaluate Kubernetes audit logs from EKS and AKS to detect unauthorized access attempts, privilege escalation, and suspicious workload behavior.

Service Mesh and Runtime Security

  • Describe service mesh security capabilities including mutual TLS, traffic encryption, authorization policies, and observability provided by Istio and Linkerd.
  • Implement runtime security monitoring for containers using Falco or cloud-native tools to detect anomalous process execution, file access, and network connections.
  • Analyze container runtime security events to distinguish between legitimate application behavior and indicators of compromise such as reverse shells or cryptomining.

Domain 6: Cloud Security Posture Management (3 topics)

CSPM Fundamentals and Benchmarks

  • Identify the purpose and components of Cloud Security Posture Management including continuous assessment, misconfiguration detection, compliance monitoring, and remediation automation.
  • Describe CIS Benchmarks for AWS and Azure including their structure, scoring methodology, and mapping to regulatory frameworks such as NIST 800-53 and SOC 2.
  • Implement automated CIS Benchmark assessments using AWS Security Hub standards and Azure Defender regulatory compliance dashboards across multi-account environments.

Posture Automation and Remediation

  • Configure auto-remediation workflows using AWS Config remediation actions and Azure Policy remediation tasks to automatically fix non-compliant resource configurations.
  • Implement drift detection mechanisms to identify configuration changes that deviate from approved security baselines in both AWS and Azure environments.
  • Evaluate the maturity of a cloud security posture program by assessing metric coverage, remediation SLAs, exception management processes, and trend analysis over time.

Multi-Cloud Governance

  • Describe multi-cloud governance frameworks including AWS Organizations SCPs, Azure Management Groups, and cross-provider policy enforcement strategies.
  • Implement tagging strategies and resource naming conventions across AWS and Azure to enable consistent cost allocation, ownership tracking, and security policy application.
  • Compare centralized versus federated cloud security governance models evaluating effectiveness for organizations with varying cloud maturity and regulatory requirements.
  • Assess multi-cloud logging consolidation strategies using Sentinel with AWS connectors and SIEM aggregation to achieve unified security visibility across providers.

Scope

Included Topics

  • All domains in the GIAC Public Cloud Security (GPCS) certification aligned to SANS SEC510: Multi-cloud security architecture, AWS advanced security services, Azure advanced security services, cloud workload protection, container and Kubernetes security, and cloud security posture management.
  • AWS security services including GuardDuty, Security Hub, AWS Config, Macie, Inspector, CloudTrail, IAM Access Analyzer, KMS, and WAF in production multi-account environments.
  • Azure security services including Microsoft Sentinel, Microsoft Defender for Cloud, Azure Policy, Azure Key Vault, Azure Firewall, Network Security Groups, and Azure AD Conditional Access.
  • Container security for Docker and Kubernetes in cloud environments including image scanning, runtime protection, pod security standards, network policies, service mesh security, and registry hardening.
  • Cloud Security Posture Management (CSPM) tools, frameworks, and automation including CIS Benchmarks, cloud-native CSPM services, and third-party posture assessment.

Not Covered

  • On-premises-only security architectures with no cloud component.
  • GCP-specific security services and configurations beyond general multi-cloud comparison.
  • Application-layer code security, SAST/DAST tooling, and secure software development lifecycle details.
  • Pricing and licensing details for specific security vendor products.
  • Penetration testing techniques and offensive security tooling.

Official Exam Page

Learn more at GIAC Certifications



Trademark Notice

GIAC® is a registered trademark of Global Information Assurance Certification (a subsidiary of the SANS Institute). GIAC does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.