Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors

312-40 EC-Council Certified Cloud Security Engineer (CCSE) Questions and Answers

Questions 4

Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication. How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?

Options:

A.

By allowing the virtual appliance to bypass the hypervisor and access the I/O card of the physical server directly

B.

By restricting the virtual appliance to bypass the hypervisor and access the I/O card of the physical server directly

C.

By restricting the virtual server to bypass the hypervisor and access the I/O card of the physical server directly

D.

By allowing the virtual server to bypass the hypervisor and access the I/O card of the physical server directly

Buy Now
Questions 5

On database system of a hospital maintains rarely-accessed patients' data such as medical records including high-resolution images of ultrasound reports, MRI scans, and X-Ray reports for years. These records occupy a lot of space and need to be kept safe as it contains sensitive medical data. Which of the following Azure storage services best suitable for such rarely-accessed data with flexible latency requirement?

Options:

A.

Azure Backup: Restore-as-a-Service

B.

Azure File Sync

C.

Azure Archive Storage

D.

Azure Recovery Services Vault

Buy Now
Questions 6

William O'Neil works as a cloud security engineer in an IT company located in Tampa, Florida. To create an access key with normal user accounts, he would like to test whether it is possible to escalate privileges to obtain AWS administrator account access. Which of the following commands should William try to create a new user access key ID and secret key for a user?

Options:

A.

aws iam target_user -user-name create-access-key

B.

aws iam create-access-key -user-name target_user

C.

aws iam create-access-key target_user -user-name

D.

aws iam -user-name target_user create-access-key

Buy Now
Questions 7

Shannon Elizabeth works as a cloud security engineer in VicPro Soft Pvt. Ltd. Microsoft Azure provides all cloud-based services to her organization. Shannon created a resource group (ProdRes), and then created a virtual machine (myprodvm) in the resource group. On myprodvm virtual machine, she enabled JIT from the Azure Security Center dashboard. What will happen when Shannon enables JIT VM access?

Options:

A.

It locks down the inbound traffic from myprodvm by creating a rule in the network security group

B.

It locks down the inbound traffic to myprodvm by creating a rule in the Azure firewall

C.

It locks down the outbound traffic from myprodvm by creating a rule in the network security group

D.

It locks down the outbound traffic to myprodvm by creating a rule in the Azure firewall

Buy Now
Questions 8

Elaine Grey has been working as a senior cloud security engineer in an IT company that develops software and applications related to the financial sector. Her organization would like to extend its storage capacity and automate disaster recovery workflows using a VMware private cloud. Which of the following storage options can be used by Elaine in the VMware virtualization environment to connect a VM directly to a LUN and access it from SAN?

Options:

A.

File Storage

B.

Object Storage

C.

Raw Storage

D.

Ephemeral Storage

Buy Now
Questions 9

An organization is developing a new AWS multitier web application with complex queries and table joins.

However, because the organization is small with limited staff, it requires high availability. Which of the following Amazon services is suitable for the requirements of the organization?

Options:

A.

Amazon HSM

B.

Amazon Snowball

C.

Amazon Glacier

D.

Amazon DynamoDB

Buy Now
Questions 10

Jordon Bridges has been working as a senior cloud security engineer in a multinational company. His organization uses Google cloud-based services. Jordon stored his organizational data in the bucket and named the bucket in the Google cloud storage following the guidelines for bucket naming. Which of the following is a valid bucket name given by Jordon?

Options:

A.

company-storage-data

B.

Company-storage-data

C.

Company-Storage-Data

D.

company storage data

Buy Now
Questions 11

Global SoftTechSol is a multinational company that provides customized software solutions and services to various clients located in different countries. It uses a public cloud to host its applications and services. Global SoftTechSol uses Cloud Debugger to inspect the current state of a running application in real-time, find bugs, and understand the behavior of the code in production. Identify the service provider that provides the Cloud Debugger feature to Global SoftTechSol?

Options:

A.

Google

B.

AWS

C.

IBM

D.

Azure

Buy Now
Questions 12

Trevor Holmes works as a cloud security engineer in a multinational company. Approximately 7 years ago, his organization migrated its workload and data to the AWS cloud environment. Trevor would like to monitor malicious activities in the cloud environment and protect his organization's AWS account, data, and workloads from unauthorized access. Which of the following Amazon detection services uses anomaly detection, machine learning, and integrated threat intelligence to identify and classify threats and provide actionable insights that include the affected resources, attacker IP address, and geolocation?

Options:

A.

Amazon Inspector

B.

Amazon GuardDuty

C.

Amazon Macie

D.

Amazon Security Hub

Buy Now
Questions 13

Allen Smith works as a cloud security engineer in a multinational company. Using an intrusion detection system, the incident response team of this company identified that an attacker has been continuously attacking the organization's AWS services. The team leader asked Allen to track the changes made to AWS resources and perform security analysis. Which AWS service can provide the AWS API call history for AWS accounts, including calls made via the AWS Management Console or Command Line tools, AWS Software Development Kits, and other AWS services to Allen?

Options:

A.

Amazon CloudFront

B.

AWS CloudFormation

C.

Amazon CloudTrail

D.

Amazon CloudWatch

Buy Now
Questions 14

In a tech organization's cloud environment, an adversary can rent thousands of VM instances for launching a DDoS attack. The criminal can also keep secret documents such as terrorist and illegal money transfer docs in the cloud storage. In such a situation, when a forensic investigation is initiated, it involves several stakeholders (government members, industry partners, third-parties, and law enforcement). In this scenario, who acts as the first responder for the security issue on the cloud?

Options:

A.

Incident Handlers

B.

External Assistance

C.

Investigators

D.

IT Professionals

Buy Now
Questions 15

The tech giant TSC uses cloud for its operations. As a cloud user, it should implement an effective risk management lifecycle to measure and monitor high and critical risks regularly. Additionally, TSC should define what exactly should be measured and the acceptable variance to ensure timely mitigated risks. In this case, which of the following can be used as a tool for cloud risk management?

Options:

A.

Information System Audit and Control Association

B.

Cloud Security Alliance

C.

Committee of Sponsoring Organizations

D.

CSA CCM Framework

Buy Now
Questions 16

Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to perform penetration testing to evaluate the security across virtual machines, installed apps, and OSes in the cloud environment, including conducting various security assessment steps against risks specific to the cloud that could expose them to serious threats. Which of the following cloud computing service models does not allow cloud penetration testing (CPEN) to Jerry?

Options:

A.

DBaaS

B.

laaS

C.

PaaS

D.

SaaS

Buy Now
Questions 17

IntSecureSoft Solutions Pvt. Ltd. is an IT company that develops software and applications for various educational institutions. The organization has been using Google cloud services for the past 10 years. Tara Reid works as a cloud security engineer in IntSecureSoft Solutions Pvt. Ltd. She would like to identify various misconfigurations and vulnerabilities such as open storage buckets, instances that have not implemented SSL, and resources without an enabled Web UI. Which of the following is a native scanner in the Security Command Center that assesses the overall security state and activity of virtual machines, containers, network, and storage along with the identity and access management policies?

Options:

A.

Log Analytics Workspace

B.

Google Front End

C.

Security Health Analytics

D.

Synapse Analytics

Buy Now
Questions 18

A document has an organization's classified information. The organization's Azure cloud administrator has to send it to different recipients. If the email is not protected, this can be opened and read by any user. So the document should be protected and it will only be opened by authorized users. In this scenario, which Azure service can enable the admin to share documents securely?

Options:

A.

Azure Information Protection

B.

Azure Key Vault

C.

Azure Resource Manager

D.

Azure Content Delivery Network

Buy Now
Questions 19

Scott Herman works as a cloud security engineer in an IT company. His organization has deployed a 3-tier web application in the same Google Cloud Virtual Private Cloud. Each tier (web interface (UI), API, and database) is scaled independently of others. Scott Herman obtained a requirement that the network traffic should always access the database using the API and any request coming directly from the web interface to the database should not be allowed. How should Scott configure the network with minimal steps?

Options:

A.

By adding tags to each tier and setting up firewall rules to allow the desired traffic flow

B.

By adding tags to each tier and setting up routes to allow the desired traffic flow

C.

By setting up software-based firewalls on individual VMs

D.

By adding each tier to a different subnetwork

Buy Now
Questions 20

Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage. How does the organization accomplish this?

Options:

A.

Using BigQuery column-level security

B.

Using Signed Documents

C.

Using Signed URLs

D.

Using BigQuery row-level-security

Buy Now
Questions 21

Thomas Gibson is a cloud security engineer who works in a multinational company. His organization wants to host critical elements of its applications; thus, if disaster strikes, applications can be restored quickly and completely. Moreover, his organization wants to achieve lower RTO and RPO values. Which of the following disaster recovery approach should be adopted by Thomas' organization?

Options:

A.

Warm Standby

B.

Pilot Light approach

C.

Backup and Restore

D.

Multi-Cloud Option

Buy Now
Questions 22

Coral IT Systems is a multinational company that consumes cloud services. As a cloud service consumer (CSC), the organization should perform activities such as selecting, monitoring, implementing, reporting, and securing the cloud services. The CSC and cloud service provider (CSP) have a business relationship in which the CSP delivers cloud services to the CSC. Which cloud governance role is applicable to the organization?

Options:

A.

Cloud auditor

B.

Cloud service manager

C.

Cloud service administrator

D.

Cloud service deployment manager

Buy Now
Questions 23

TetraSoft Pvt. Ltd. is an IT company that provides software and application services to numerous customers across the globe. In 2015, the organization migrated its applications and data from on-premises to the AWS cloud environment. The cloud security team of TetraSoft Pvt. Ltd. suspected that the EC2 instance that launched the core application of the organization is compromised. Given below are randomly arranged steps

involved in the forensic acquisition of an EC2 instance. In this scenario, when should the investigators ensure that a forensic instance is in the terminated state?

Options:

A.

After creating evidence volume from the snapshot

B.

Before taking a snapshot of the EC2 instance

C.

Before attaching evidence volume to the forensic instance

D.

After attaching evidence volume to the forensic instance

Buy Now
Questions 24

James Harden works as a cloud security engineer in an IT company. James' organization has adopted a RaaS architectural model in which the production application is placed in the cloud and the recovery or backup target is kept in the private data center. Based on the given information, which RaaS architectural model is implemented in James' organization?

Options:

A.

From-cloud RaaS

B.

By-cloud RaaS

C.

To-cloud RaaS

D.

In-cloud RaaS

Buy Now
Questions 25

An IT company uses two resource groups, named Production-group and Security-group, under the same subscription ID. Under the Production-group, a VM called Ubuntu18 is suspected to be compromised. As a forensic investigator, you need to take a snapshot (ubuntudisksnap) of the OS disk of the suspect virtual machine Ubuntu18 for further investigation and copy the snapshot to a storage account under Security-group.

Identify the next step in the investigation of the security incident in Azure?

Options:

A.

Copy the snapshot to file share

B.

Generate shared access signature

C.

Create a backup copy of snapshot in a blob container

D.

Mount the snapshot onto the forensic workstation

Buy Now
Questions 26

Teresa Ruiz works as a cloud security engineer in an IT company. In January 2021, the data deployed by her in the cloud environment was corrupted, which caused a tremendous loss to her organization. Therefore, her organization changed its cloud service provider. After deploying the workload and data in the new service provider's cloud environment, Teresa backed up the entire data of her organization. A new employee, Barbara Houston, who recently joined Teresa's organization as a cloud security engineer, only backed up those files that changed since the last executed backup. Which type of backup was performed by Barbara in the cloud?

Options:

A.

Partial Backup

B.

Full Backup

C.

Incremental Backup

D.

Differential Backup

Buy Now
Questions 27

A BPO company would like to expand its business and provide 24 x 7 customer service. Therefore, the organization wants to migrate to a fully functional cloud environment that provides all features with minimum maintenance and administration. Which cloud service model should it consider?

Options:

A.

laaS

B.

PaaS

C.

RaaS

D.

SaaS

Buy Now
Questions 28

Teresa Palmer has been working as a cloud security engineer in a multinational company. Her organization contains a huge amount of data; if these data are transferred to AWS S3 through the internet, it will take weeks. Teresa's organization does not want to spend money on upgrading its internet to a high-speed internet connection. Therefore, Teresa has been sending large amounts of backup data (terabytes to petabytes) to AWS from on-premises using a physical device, which was provided by Amazon. The data in the physical device are imported and exported from and to AWS S3 buckets. This method of data transfer is cost-effective, secure, and faster than the internet for her organization. Based on the given information, which of the following AWS services is being used by Teresa?

Options:

A.

AWS Elastic Beanstalk

B.

AWS Storage Gateway Volumes

C.

AWS Storage Gateway Tapes

D.

AWS Snowball

Buy Now
Questions 29

A large e-commerce company named ShopZone uses GCP to host its online store. Recently, the company noticed several errors reported by customers while trying to make purchases on their website. They suspect that there may be some issue with the payment processing system. To investigate this issue, the cloud forensic team of the company decided to look at the logs for the payment processing system and identify anomalies that may be causing the problem. Which of the following GCP log categories helps the team gain the relevant information?

Options:

A.

Component Logs

B.

User-written logs

C.

Platform logs

D.

Security logs

Buy Now
Questions 30

Sandra, who works for SecAppSol Technologies, is on a vacation. Her boss asked her to solve an urgent issue in an application. Sandra had to use applications present on her office laptop to solve this issue, and she successfully rectified it. Despite being in a different location, she could securely use the application. What type of service did the organization use to ensure that Sandra could access her office laptop from a remote area?

Options:

A.

Amazon AppStream 2.0

B.

Amazon Elastic Transcoder Service

C.

Amazon SQS

D.

Amazon Simple Workflow

Buy Now
Questions 31

Assume you work for an IT company that collects user behavior data from an e-commerce web application. This data includes the user interactions with the applications, such as purchases, searches, saved items, etc. Capture this data, transform it into zip files, and load these massive volumes of zip files received from an application into Amazon S3. Which AWS service would you use to do this?

Options:

A.

AWS Migration Hub

B.

AWS Database Migration Service

C.

AWS Kinesis Data Firehose

D.

AWS Snowmobile

Buy Now
Questions 32

Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync different types of logs generated by Azure resources with Azure services for better monitoring. Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?

Options:

A.

Azure Resource Logs

B.

Azure Storage Analytics Logs

C.

Azure Activity Logs

D.

Azure Active Directory Reports

Buy Now
Questions 33

The TCK Bank adopts cloud for storing the private data of its customers. The bank usually explains its information sharing practices to its customers and safeguards sensitive data. However, there exist some security loopholes in its information sharing practices. Therefore, hackers could steal the critical data of the bank's customers. In this situation, under which cloud compliance framework will the bank be penalized?

Options:

A.

GLBA

B.

ITAR

C.

NIST

D.

GDPR

Buy Now
Questions 34

Chris Evans has been working as a cloud security engineer in a multinational company over the past 3 years. His organization has been using cloud-based services. Chris uses key vault as a key management solution because it offers easier creation of encryption keys and control over them. Which of the following public cloud service providers allows Chris to do so?

Options:

A.

AWS

B.

Azure

C.

GCP

D.

Oracle

Buy Now
Questions 35

Rufus Sewell, a cloud security engineer with 5 years of experience, recently joined an MNC as a senior cloud security engineer. Owing to the cost-effective security features and storage services provided by AWS, his organization has been using AWS cloud-based services since 2014. To create a RAID, Rufus created an Amazon EBS volume for the array and attached the EBS volume to the instance where he wants to host the array. Using the command line, Rufus successfully created a RAID. The array exhibits noteworthy performance both in read and write operations with no overhead by parity control and the entire storage capacity of the array is used.

The storage capacity of the RAID created by Rufus is equal to the sum of disk capacity in the set, but the array is not fault tolerant. It is ideal for non-critical cloud data storage that must be read/written at a high speed.

Based on the given information, which of the following RAID is created by Rufus?

Options:

A.

RAID 0

B.

RAID 5

C.

RAID 1

D.

RAID 6

Buy Now
Questions 36

Curtis Morgan works as a cloud security engineer in an MNC. His organization uses Microsoft Azure for office-site backup of large files, disaster recovery, and business-critical applications that receive significant traffic, etc.

Which of the following allows Curtis to establish a fast and secure private connection between multiple on-premises or shared infrastructures with Azure virtual private network?

Options:

A.

Site-to-Site VPN

B.

Express Route

C.

Azure Front Door

D.

Point-to-Site VPN

Buy Now
Questions 37

Kenneth Danziger has been working as a cloud security engineer in a multinational company. His organization uses AWS cloud-based services. Kenneth would like to review the changes in configuration and the relationships between AWS resources, examine the detailed resource configuration history, and determine the overall compliance of his organization against the configurations specified in internal guidelines. Which of the following AWS services enables Kenneth to assess, audit, and evaluate the configuration of AWS resources?

Options:

A.

AWS CloudTrail

B.

AWS CloudFormation

C.

AWS Config

D.

AWS Security Hub

Buy Now
Exam Code: 312-40
Exam Name: EC-Council Certified Cloud Security Engineer (CCSE)
Last Update: Nov 13, 2024
Questions: 125

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now 312-40 testing engine

PDF (Q&A)

$35  $99.99
buy now 312-40 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 21 Nov 2024