Trusted Infrastructure
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Cloud Digital Leader premium course — no separate purchase.
Included in this chapter:
- Defense in depth: security built into the stack
- Encryption in all three states of data
- The three A's, edge defense, and SecOps
- Exam-pattern recognition
The three A's of trust: authentication vs. authorization vs. auditing
| Pillar | Authentication | Authorization | Auditing |
|---|---|---|---|
| Question it answers | Who are you? | What may you do? | Who did what, when? |
| Google Cloud control | Identity + 2-Step Verification (2SV) | Identity and Access Management (IAM) | Cloud Audit Logs |
| What it works with | A second factor beyond the password | Principals granted roles (permission bundles) on resources | Admin Activity and Data Access log records |
| When it runs | Before access, to establish identity | On each action, to allow or deny it | After the fact, as an immutable record |
| Failure if missing | Stolen password = full access | Over-privileged or unauthorized actions | No accountability or forensic trail |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.