Curious about Actual EC-Council Certified Cloud Security Engineer (312-40) Exam Questions?

Here are sample EC-Council Certified Cloud Security Engineer (CCSE) (312-40) exam questions from the real exam. You can get more EC-Council Certified Cloud Security Engineer (312-40) exam premium practice questions at TestInsights.

Total 125 questions
Question 1

Rebecca Mader has been working as a cloud security engineer in an IT company located in Detroit, Michigan. Her organization uses AWS cloud-based services. An application is launched by a developer on an EC2 instance that needs access to the S3 bucket (photos). Rebecca created a get-pics service role and attached it to the EC2 instance. This service role comprises a permission policy that allows read-only access to the S3 bucket and a trust policy that allows the instance to assume the role and retrieve temporary credentials. The application uses the temporary credentials of the role to access the photo bucket when it runs on the instance. Does the developer need to share or manage credentials or does the admin need to grant permission to the developer to access the photo bucket?


Correct : D

1. AWS IAM Roles: AWS Identity and Access Management (IAM) roles allow for permissions to be assigned to AWS resources without the use of static credentials. Roles provide temporary credentials that are automatically rotated.

2. Service Role: The 'get-pics' service role created by Rebecca includes a permission policy for read-only access to the S3 bucket and a trust policy that allows the EC2 instance to assume the role.

3. Temporary Credentials: When the application runs on the EC2 instance, it uses the temporary credentials provided by the role to access the S3 bucket. These credentials are dynamically provided and do not require developer management.

4. Developer and Admin Roles: Since the EC2 instance has the necessary permissions through the service role, the developer does not need to manage credentials. Similarly, the admin does not need to grant explicit permission to the developer because the permissions are already encapsulated within the role.

5. Security Best Practices: This approach adheres to AWS security best practices by avoiding the sharing of static credentials and minimizing the need for manual credential management.


AWS's official documentation on IAM roles.

Question 2

The organization TechWorld Ltd. used cloud for its business. It operates from an EU country (Poland and Greece). Currently, the organization gathers and processes the data of only EU users. Once, the organization experienced a severe security breach, resulting in loss of critical user data. In such a case, along with its cloud service provider, the organization should be held responsible for non-compliance or breaches. Under which cloud compliance framework will the company and cloud provider be penalized?


Correct : A

1. GDPR: The General Data Protection Regulation (GDPR) is the primary law regulating how companies protect EU citizens' personal data [1].

2. Applicability: GDPR applies to all organizations operating within the EU, as well as organizations outside of the EU that offer goods or services to customers or businesses in the EU [1].

3. Data Breaches: In the event of a data breach, organizations are required to notify the appropriate data protection authority within 72 hours, if feasible, after becoming aware of the breach [2].

4. Penalties: Organizations that do not comply with GDPR can face hefty fines. For serious infringements, GDPR states that companies can be fined up to 4% of their annual global turnover or €20 million (whichever is greater) [1].

5. Responsibility: Both the data controller and the processor will be held responsible for not adhering to the GDPR rules, which includes security breaches resulting in the loss of user data [1].


[1] GDPR Info on fines and penalties.

[2] EDPB Guidelines on personal data breach notification under GDPR.

Question 3

A database system of a hospital maintains rarely-accessed patients' data such as medical records including high-resolution images of ultrasound reports, MRI scans, and X-Ray reports for years. These records occupy a lot of space and need to be kept safe as they contain sensitive medical data. Which of the following Azure storage services is best suited for such rarely-accessed data with flexible latency requirements?


Correct : C

1. Data Characteristics: The hospital's database system contains rarely-accessed, sensitive medical records, including high-resolution images, which require secure and cost-effective long-term storage [1].

2. Azure Archive Storage: Azure Archive Storage is designed for data that is rarely accessed and has flexible latency requirements. It offers a cost-effective solution for storing large volumes of data that does not need to be accessed frequently [1].

3. Security and Compliance: Azure Archive Storage provides secure storage for sensitive medical data, ensuring compliance with healthcare regulations such as HIPAA and GDPR [1].

4. Cost Efficiency: By using Azure Archive Storage, the hospital can significantly reduce storage costs compared to storing data on higher-performance tiers that are intended for frequently accessed data [1].

5. Exclusion of Other Options: Azure Backup and Azure Recovery Services Vault are primarily used for backup and disaster recovery, not for archiving. Azure File Sync is used for syncing files across multiple locations and is not optimized for archival purposes [1].


[1] Microsoft Azure's official page on Azure Archive Storage.

Question 4

Chris Noth has been working as a senior cloud security engineer in CloudAppSec Private Ltd. His organization has selected a DRaaS (Disaster Recovery as a Service) company to provide a disaster recovery site that is fault tolerant and consists of fully redundant equipment with network connectivity and real-time data synchronization. Thus, if a disaster strikes Chris' organization, failover can be performed to the disaster recovery site with minimal downtime and zero data loss. Based on the given information, which disaster recovery site is provided by the DRaaS company to Chris' organization?


Correct : A

1. Disaster Recovery as a Service (DRaaS): DRaaS is a third-party service that provides organizations with a secondary site infrastructure, which employs cloud computing for application and data recovery from synchronous or asynchronous replication [1].

2. Fault Tolerance and Redundancy: A fault-tolerant disaster recovery site with fully redundant equipment ensures that all critical systems and components have backups ready to take over in case of failure [1].

3. Real-Time Data Synchronization: This feature ensures that data is continuously mirrored to the disaster recovery site, allowing for real-time recovery and zero data loss during failover [1].

4. Hot Site: A hot site is a fully operational offsite data center equipped with hardware and software, network connectivity, and real-time data synchronization. It is ready to assume operation at a moment's notice, which aligns with the description provided [1].

5. Minimal Downtime: The use of a hot site allows for minimal downtime during a disaster, as the site is already running and can take over immediately without the need to set up or configure equipment [1].


[1] Flexential's explanation of Disaster Recovery as a Service (DRaaS).

Question 5

FinTech Inc. is an IT company that utilizes a cloud platform to run its IT infrastructure. Employees belonging to various departments do not implement the rules and regulations framed by the IT department, which leads to fragmented control and breaches that affect the efficiency of cloud services. How can the organization effectively overcome shadow IT and unwarranted usage of cloud resources in this scenario?


Correct : B

To effectively overcome shadow IT and unwarranted usage of cloud resources at FinTech Inc., the organization should implement cloud governance.

1. Cloud Governance Defined: Cloud governance is a set of rules and policies that govern the use of cloud resources. It ensures that the IT infrastructure is used in a way that aligns with the company's strategic goals, compliance requirements, and security standards [1].

2. Addressing Shadow IT:

   - Policy Creation: Establish clear policies regarding the use of cloud services and the procurement of IT resources.

   - Enforcement Mechanisms: Implement controls to enforce these policies, such as requiring approval for new cloud services or software.

   - Education and Training: Educate employees about the risks associated with shadow IT and the importance of following IT department rules.

   - Monitoring and Reporting: Use tools to monitor cloud usage and report on compliance with governance policies.

3. Benefits of Cloud Governance:

   - Control and Visibility: Provides better control over IT resources and visibility into how they are being used.

   - Cost Management: Helps prevent unnecessary spending on unapproved cloud services.

   - Security and Compliance: Ensures that cloud services are used in a secure and compliant manner, reducing the risk of breaches.


[1] Microsoft Learn: Discover and manage Shadow IT.

[2] CrowdStrike: What is Shadow IT? Defining Risks & Benefits.

[3] Microsoft Security Blog: Top 10 actions to secure your environment.

[4] SC Magazine: Stop chasing shadow IT: Tackle the root causes of cloud breaches.
