EC-Council 312-40 Dumps (V9.02) – Latest 312-40 Certified Cloud Security Engineer (CCSE) Practice Test 2025 for Your Exam Success

Try DumpsBase’s EC-Council 312-40 dumps (V9.02) to prepare for your Certified Cloud Security Engineer (CCSE) certification exam. The updated 312-40 dumps, with 147 practice exam questions and answers, are part of the actual test, ensuring your success in the actual exam. The 312-40 dumps (V9.02) are designed to cover all the requirements a candidate needs to attempt the 312-40 Certified Cloud Security Engineer (CCSE) exam. They have been verified by experts who have already taken the exam, and they follow the pattern of the Certified Cloud Security Engineer (CCSE) exam. DumpsBase’s 312-40 dumps are available in PDF format, which can be read on any device you want to use, such as a tablet, Mac, laptop, PC, or any other device. Along with the PDF format, we also have a free software version to help you practice the questions and answers regularly. Trust DumpsBase: the 312-40 dumps (V9.02) can save you much time, and you can study wherever you want. Go for the EC-Council 312-40 exam dumps to achieve your targeted goal today.

Check EC-Council CCSE 312-40 Free Dumps Below to Verify DumpsBase’s 312-40 Dumps (V9.02)

1. Ray Nicholson works as a senior cloud security engineer in TerraCloud Sec Pvt. Ltd. His organization deployed all applications in a cloud environment in various virtual machines. Using IDS, Ray identified that an attacker compromised a particular VM. He would like to limit the scope of the incident and protect other resources in the cloud.

If Ray turns off the VM, what will happen?

2. An IT company uses two resource groups, named Production-group and Security-group, under the same subscription ID. Under the Production-group, a VM called Ubuntu18 is suspected to be compromised. As a forensic investigator, you need to take a snapshot (ubuntudisksnap) of the OS disk of the suspect virtual machine Ubuntu18 for further investigation and copy the snapshot to a storage account under Security-group.

Identify the next step in the investigation of the security incident in Azure?

3. The GCP environment of a company named Magnitude IT Solutions encountered a security incident. To respond to the incident, the Google Data Incident Response Team was divided based on the different aspects of the incident.

Which member of the team has an authoritative knowledge of incidents and can be involved in different domains such as security, legal, product, and digital forensics?

4. Jayson Smith works as a cloud security engineer in CloudWorld SecCo Pvt. Ltd. This is a third-party vendor that provides connectivity and transport services between cloud service providers and cloud consumers. Select the actor that describes CloudWorld SecCo Pvt. Ltd. based on the NIST cloud deployment reference architecture?

5. Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage.

How does the organization accomplish this?

6. Daffod is an American cloud service provider that provides cloud-based services to customers worldwide.

Several customers are adopting the cloud services provided by Daffod because they are secure and cost-effective. Daffod complies with the cloud computing law enacted in the US to realize the importance of information security in the economic and national security interests of the US.

Based on the given information, which law order does Daffod adhere to?

7. Simon recently joined a multinational company as a cloud security engineer. Due to robust security services and products provided by AWS, his organization has been using AWS cloud-based services. Simon has launched an Amazon EC2 Linux instance to deploy an application. He would like to secure Linux AMI.

Which of the following commands should Simon run in the EC2 instance to disable user account passwords?

8. An organization with resources on Google Cloud regularly backs up its service capabilities to ensure high availability and reduce the downtime when a zone or instance becomes unavailable owing to zonal outage or memory shortage in an instance. However, as protocol, the organization must frequently test whether these regular backups are configured.

Which tool's high availability settings must be checked for this?

9. Shannon Elizabeth works as a cloud security engineer in VicPro Soft Pvt. Ltd. Microsoft Azure provides all cloud-based services to her organization. Shannon created a resource group (ProdRes), and then created a virtual machine (myprodvm) in the resource group. On myprodvm virtual machine, she enabled JIT from the Azure Security Center dashboard.

What will happen when Shannon enables JIT VM access?

10. William O'Neil works as a cloud security engineer in an IT company located in Tampa, Florida. To create an access key with normal user accounts, he would like to test whether it is possible to escalate privileges to obtain AWS administrator account access.

Which of the following commands should William try to create a new user access key ID and secret key for a user?

11. Colin Farrell works as a senior cloud security engineer in a healthcare company. His organization has migrated all workloads and data in a private cloud environment. An attacker used the cloud environment as a point to disrupt the business of Colin's organization. Using intrusion detection prevention systems, antivirus software, and log analyzers, Colin successfully detected the incident; however, a group of users were not able to avail the critical services provided by his organization.

Based on the incident impact level classification scales, select the severity of the incident encountered by Colin's organization?

12. Sam, a cloud admin, works for a technology company that uses Azure resources. Because Azure contains the resources of numerous organizations and several alerts are received timely, it is difficult for the technology company to identify risky resources, determine their owner, know whether they are needed, and know who pays for them.

How can Sam organize resources to determine this information immediately?

13. Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication.

How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?

14. A client wants to restrict access to its Google Cloud Platform (GCP) resources to a specified IP range by making a trust-list. Accordingly, the client limits GCP access to users in its organization network or grants company auditors access to a requested GCP resource only.

Which of the following GCP services can help the client?

15. SecureSoft IT Pvt. Ltd. is an IT company located in Charlotte, North Carolina, that develops software for the healthcare industry. The organization generates a tremendous amount of unorganized data such as video and audio files. Kurt recently joined SecureSoft IT Pvt. Ltd. as a cloud security engineer. He manages the organizational data using NoSQL databases.

Based on the given information, which of the following data are being generated by Kurt's organization?

16. Global InfoSec Solution Pvt. Ltd. is an IT company that develops mobile-based software and applications. For smooth, secure, and cost-effective facilitation of business, the organization uses public cloud services. Now, Global InfoSec Solution Pvt. Ltd. is encountering a vendor lock-in issue.

What is vendor lock-in in cloud computing?

17. A web server passes the reservation information to an application server and then the application server queries an Airline service.

Which of the following AWS services allows secure hosted queue server-side encryption (SSE), or uses custom SSE keys managed in AWS Key Management Service (AWS KMS)?

18. A security incident has occurred within an organization's AWS environment. A cloud forensic investigation procedure is initiated for the acquisition of forensic evidence from the compromised EC2 instances. However, it is essential to abide by the data privacy laws while provisioning any forensic instance and sending it for analysis.

What can the organization do initially to avoid the legal implications of moving data between two AWS regions for analysis?

19. The cloud administrator John was assigned a task to create a different subscription for each division of his organization. He has to ensure all the subscriptions are linked to a single Azure AD tenant and each subscription has identical role assignments.

Which Azure service will he make use of?

20. An organization is developing a new AWS multitier web application with complex queries and table joins. However, because the organization is small with limited staff, it requires high availability.

Which of the following Amazon services is suitable for the requirements of the organization?

21. Trevor Noah works as a cloud security engineer in an IT company located in Seattle, Washington. Trevor has implemented a disaster recovery approach that runs a scaled-down version of a fully functional environment in the cloud. This method is most suitable for his organization's core business-critical functions and solutions that require the RTO and RPO to be within minutes.

Based on the given information, which of the following disaster recovery approaches is implemented by Trevor?

22. You are the manager of a cloud-based security platform that offers critical services to government agencies and private companies. One morning, your team receives an alert from the platform's intrusion detection system indicating that there has been a potential breach in the system.

As the manager, which tool will you use for viewing and monitoring the sensitive data by scanning storage systems and reviewing the access rights to critical resources via a single centralized dashboard?

23. An organization, PARADIGM PlayStation, moved its infrastructure to a cloud as a security practice. It established an incident response team to monitor the hosted websites for security issues. While examining network access logs using SIEM, the incident response team came across some incidents that suggested that one of their websites was targeted by attackers and they successfully performed an SQL injection attack. Subsequently, the incident response team took the website and database server offline.

In which of the following steps of the incident response lifecycle did the incident team make that decision?

24. Global SciTech Pvt. Ltd. is an IT company that develops healthcare-related software. Using an incident detection system (IDS) and antivirus software, the incident response team of the organization has observed that attackers are targeting the organizational network to gain access to the resources in the on-premises environment. Therefore, their team of cloud security engineers met with a cloud service provider to discuss the various security provisions offered by the cloud service provider. While discussing the security of the organization's virtual machine in the cloud environment, the cloud service provider stated that the Network Security Groups (NSGs) will secure the VM by allowing or denying network traffic to VM instances in a virtual network based on inbound and outbound security rules.

Which of the following cloud service providers filters the VM network traffic in a virtual network using NSGs?

25. TetraSoft Pvt. Ltd. is an IT company that provides software and application services to numerous customers across the globe. In 2015, the organization migrated its applications and data from on-premises to the AWS cloud environment. The cloud security team of TetraSoft Pvt. Ltd. suspected that the EC2 instance that launched the core application of the organization is compromised. Given below are randomly arranged steps involved in the forensic acquisition of an EC2 instance.

In this scenario, when should the investigators ensure that a forensic instance is in the terminated state?

26. Georgia Lyman is a cloud security engineer; she wants to detect unusual activities in her organizational Azure account. For this, she wants to create alerts for unauthorized activities with their severity level to prioritize the alert that should be investigated first.

Which Azure service can help her in detecting the severity and creating alerts?

27. QuickServ Solutions is an organization that wants to migrate to the cloud. It is in the phase of signing an agreement with a cloud vendor. For that, QuickServ Solutions must assess the current vendor procurement process to determine how the company can mitigate cloud-related risks.

How can the company accomplish that?

28. Thomas Gibson is a cloud security engineer working in a multinational company. Thomas has created a Route 53 record set from his domain to a system in Florida, and a similar record to machines in Paris and Singapore.

Assume that network conditions remain unchanged and Thomas has hosted the application on Amazon EC2 instance; moreover, multiple instances of the application are deployed on different EC2 regions. When a user located in London visits Thomas's domain, to which location does Amazon Route 53 route the user request?

29. Assume you work for an IT company that collects user behavior data from an e-commerce web application. This data includes the user interactions with the applications, such as purchases, searches, saved items, etc. Capture this data, transform it into zip files, and load these massive volumes of zip files received from an application into Amazon S3.

Which AWS service would you use to do this?

30. Kevin Ryan has been working as a cloud security engineer over the past 2 years in a multinational company, which uses AWS-based cloud services. He launched an EC2 instance with Amazon Linux AMI. By disabling password-based remote logins, Kevin wants to eliminate all possible loopholes through which an attacker can exploit a user account remotely. To disable password-based remote logins, using the text editor, Kevin opened the /etc/ssh/sshd_config file and found the #PermitRootLogin yes line.

Which of the following command lines should Kevin use to change the #PermitRootLogin yes line to disable password-based remote logins?

31. Tom Holland works as a cloud security engineer in an IT company located in Lansing, Michigan. His organization has adopted cloud-based services wherein user access, application, and data security are the responsibilities of the organization, and the OS, hypervisor, physical, infrastructure, and network security are the responsibilities of the cloud service provider.

Based on the aforementioned cloud security shared responsibilities, which of the following cloud computing service models is enforced in Tom's organization?

32. Elaine Grey has been working as a senior cloud security engineer in an IT company that develops software and applications related to the financial sector. Her organization would like to extend its storage capacity and automate disaster recovery workflows using a VMware private cloud.

Which of the following storage options can be used by Elaine in the VMware virtualization environment to connect a VM directly to a LUN and access it from SAN?

33. SecureInfo Pvt. Ltd. has deployed all applications and data in the AWS cloud. The security team of this organization would like to examine the health of the organization's website regularly and switch (or failover) to a backup site if the primary website becomes unresponsive.

Which of the following AWS services can provide DNS failover capabilities and health checks to ensure the availability of the organization's website?

34. Coral IT Systems is a multinational company that consumes cloud services. As a cloud service consumer (CSC), the organization should perform activities such as selecting, monitoring, implementing, reporting, and securing the cloud services. The CSC and cloud service provider (CSP) have a business relationship in which the CSP delivers cloud services to the CSC.

Which cloud governance role is applicable to the organization?

35. Terry Diab has 6 years of experience as a cloud security engineer. She recently joined a multinational company as a senior cloud security engineer. Terry learned that there is a high probability that her organizational applications could be hacked and user data such as passwords, usernames, and account information can be exploited by an attacker. The organizational applications have not yet been hacked, but this issue requires urgent action. Therefore, Terry, along with her team, released a software update that is designed to resolve this problem instantly with a quick-release procedure. Terry successfully fixed the problem (bug) in the software product immediately without following the normal quality assurance procedures. Terry's team resolved the problem immediately on the live system with zero downtime for users. Based on the given information, which of the following types of update was implemented by Terry?

36. An organization wants to detect its hidden cloud infrastructure by auditing its cloud environment and resources such that it shuts down unused/unwanted workloads, saves money, minimizes security risks, and optimizes its cloud inventory. In this scenario, which standard is applicable for cloud security auditing that enables the management of customer data?

37. Shell Solutions Pvt. Ltd. is an IT company that develops software products and services for BPO companies. The organization became a victim of a cybersecurity attack. Therefore, it migrated its applications and workloads from on-premises to a cloud environment. Immediately, the organization established an incident response team to prevent such incidents in the future. Using intrusion detection system and antimalware software, the incident response team detected a security incident and mitigated the attack. The team recovered the resources from the incident and identified various vulnerabilities and flaws in their cloud environment.

Which step of the incident response lifecycle includes the lessons learned from previous attacks and analyzes and documents the incident to understand what should be improved?

38. Rufus Sewell, a cloud security engineer with 5 years of experience, recently joined an MNC as a senior cloud security engineer. Owing to the cost-effective security features and storage services provided by AWS, his organization has been using AWS cloud-based services since 2014. To create a RAID, Rufus created an Amazon EBS volume for the array and attached the EBS volume to the instance where he wants to host the array. Using the command line, Rufus successfully created a RAID. The array exhibits noteworthy performance both in read and write operations with no overhead by parity control and the entire storage capacity of the array is used.

The storage capacity of the RAID created by Rufus is equal to the sum of disk capacity in the set, but the array is not fault tolerant. It is ideal for non-critical cloud data storage that must be read/written at a high speed.

Based on the given information, which of the following RAID levels is created by Rufus?

39. Rachel McAdams works as a cloud security engineer in an MNC. A DRaaS company has provided a disaster recovery site to her organization. The disaster recovery sites have partially redundant equipment with daily or weekly data synchronization provision; failover occurs within hours or days with minimum data loss.

Based on this information, which of the following disaster recovery sites is provided by the DRaaS company to Rachel's organization?

40. Scott Herman works as a cloud security engineer in an IT company located in Ann Arbor, Michigan. His organization uses Office 365 Business Premium that provides Microsoft Teams, secure cloud storage, business email, premium Office applications across devices, advanced cyber threat protection, and device management.

Which of the following cloud computing service models does Microsoft Office 365 represent?

41. An Azure organization wants to enforce its on-premises AD security and password policies to filter brute-force attacks. Instead of using legacy authentication, the users should sign in to on-premises and cloud-based applications using the same passwords in Azure AD.

Which Azure AD feature can enable users to access Azure resources?

42. A document has an organization's classified information. The organization's Azure cloud administrator has to send it to different recipients. If the email is not protected, this can be opened and read by any user. So the document should be protected and it will only be opened by authorized users.

In this scenario, which Azure service can enable the admin to share documents securely?

43. SecureSoftWorld Pvt. Ltd. is an IT company that develops software solutions catering to the needs of the healthcare industry. Most of its services are hosted in Google cloud. In the cloud environment, to secure the applications and services, the organization uses Google App Engine Firewall that controls the access to the App Engine with a set of rules that denies or allows requests from a specified range of IPs.

How many unique firewall rules can SecureSoftWorld Pvt. Ltd. define using App Engine Firewall?

44. A new public web application is deployed on AWS that will run behind an Application Load Balancer (ALB). An AWS security expert needs to encrypt the newly deployed application at the edge with an SSL/TLS certificate issued by an external certificate authority. In addition, he needs to ensure the rotation of the certificate yearly before it expires.

Which of the following AWS services can be used to accomplish this?

45. A BPO company would like to expand its business and provide 24 x 7 customer service. Therefore, the organization wants to migrate to a fully functional cloud environment that provides all features with minimum maintenance and administration.

Which cloud service model should it consider?

46. Thomas Gibson is a cloud security engineer who works in a multinational company. His organization wants to host critical elements of its applications; thus, if disaster strikes, applications can be restored quickly and completely. Moreover, his organization wants to achieve lower RTO and RPO values.

Which of the following disaster recovery approaches should be adopted by Thomas' organization?

47. VenturiaCloud is a cloud service provider that offers robust and cost-effective cloud-based services to cloud consumers. The organization became a victim of a cybersecurity attack. An attacker performed a DDoS attack over the cloud that caused failure in the entire cloud environment. VenturiaCloud conducted a forensics investigation.

Who among the following are the first line of defense against cloud security attacks with their primary role being responding against any type of security incident immediately?

48. Sandra, who works for SecAppSol Technologies, is on a vacation. Her boss asked her to solve an urgent issue in an application. Sandra had to use applications present on her office laptop to solve this issue, and she successfully rectified it. Despite being in a different location, she could securely use the application.

What type of service did the organization use to ensure that Sandra could access her office laptop from a remote area?

49. Alice, a cloud forensic investigator, has located relevant evidence during her investigation of a security breach in an organization's Azure environment. As an investigator, she needs to sync different types of logs generated by Azure resources with Azure services for better monitoring.

Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?

50. Rick Warren has been working as a cloud security engineer in an IT company for the past 4 years. Owing to the robust security features and various cost-effective services offered by AWS, in 2010, his organization migrated to the AWS cloud environment. While inspecting the intrusion detection system, Rick detected a security incident.

Which of the following AWS services collects logs from various data sources and stores them in a centralized location as log files that can be used during forensic investigation in the event of a security incident?

51. Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to perform penetration testing to evaluate the security across virtual machines, installed apps, and OSes in the cloud environment, including conducting various security assessment steps against risks specific to the cloud that could expose them to serious threats.

Which of the following cloud computing service models does not allow Jerry to perform cloud penetration testing (CPEN)?

52. SecAppSol Pvt. Ltd. is a cloud software and application development company located in Louisville, Kentucky. The security features provided by its previous cloud service provider were not satisfactory, and in 2012, the organization became a victim of eavesdropping. Therefore, SecAppSol Pvt. Ltd. changed its cloud service provider and adopted AWS cloud-based services owing to its robust and cost-effective security features.

How does SecAppSol Pvt. Ltd.'s security team encrypt the traffic between the load balancer and clients that initiate SSL or TLS sessions?

53. Martin Sheen is a senior cloud security engineer in SecGlob Cloud Pvt. Ltd. Since 2012, his organization has been using AWS cloud-based services. Using an intrusion detection system and antivirus software, Martin noticed that an attacker is trying to breach the security of his organization. Therefore, Martin would like to identify and protect the sensitive data of his organization. He requires a fully managed data security service that supports S3 storage and provides an inventory of publicly shared buckets, unencrypted buckets, and the buckets shared with AWS accounts outside his organization.

Which of the following Amazon services fulfills Martin's requirement?

54. SevocSoft Private Ltd. is an IT company that develops software and applications for the banking sector. The security team of the organization found a security incident caused by misconfiguration in Infrastructure-as-Code (IaC) templates. Upon further investigation, the security team found that the server configuration was built using a misconfigured IaC template, which resulted in a security breach and exploitation of the organizational cloud resources.

Which of the following would have prevented this security breach and exploitation?

55. Rebecca Gibel has been working as a cloud security engineer in an IT company for the past 5 years. Her organization uses cloud-based services. Rebecca's organization contains personal information about its clients, which is encrypted and stored in the cloud environment. The CEO of her organization has asked Rebecca to delete the personal information of all clients who utilized their services between 2011 and 2015. Rebecca deleted the encryption keys that are used to encrypt the original data; this made the data unreadable and unrecoverable.

Based on the given information, which deletion method was implemented by Rebecca?


 
