ExamGecko
Search Search Login
Home Home / ECCouncil / 312-40

ECCouncil 312-40 Practice Test - Questions Answers, Page 10

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The TCK Bank adopts cloud for storing the private data of its customers. The bank usually explains its information sharing practices to its customers and safeguards sensitive data. However, there exist some security loopholes in its information sharing practices. Therefore, hackers could steal the critical data of the bank's customers. In this situation, under which cloud compliance framework will the bank be penalized?
An organization is developing a new AWS multitier web application with complex queries and table joins. However, because the organization is small with limited staff, it requires high availability. Which of the following Amazon services is suitable for the requirements of the organization?
Kenneth Danziger has been working as a cloud security engineer in a multinational company. His organization uses AWS cloud-based services. Kenneth would like to review the changes in configuration and the relationships between AWS resources, examine the detailed resource configuration history, and determine the overall compliance of his organization against the configurations specified in internal guidelines. Which of the following AWS services enables Kenneth to assess, audit, and evaluate the configuration of AWS resources?
A cloud organization, AZS, wants to maintain homogeneity in its cloud operations because the CPU speed measured by AZS varies and the measurement units lack consistency in the standards. For example, AWS defines the CPU speed with Elastic Compute Unit, Google with Google Compute Engine Unit, and Microsoft with clock speed. Here, which cloud computing standard can leverage frameworks and architectures specific to the cloud for maintaining homogeneity in operations?
Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync different types of logs generated by Azure resources with Azure services for better monitoring. Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?
YourTrustedCloud is a cloud service provider that provides cloud-based services to several multinational companies. The organization adheres to various frameworks and standards. YourTrustedCloud stores and processes credit card and payment-related data in the cloud environment and ensures the security of transactions and the credit card processing system. Based on the given information, which of the following standards does YourTrustedCloud adhere to?
Steven Smith has been working as a cloud security engineer in an MNC for the past 4 years. His organization uses AWS cloud-based services. Steven handles a complex application on AWS that has several resources and it is difficult for him to manage these resources. Which of the following AWS services allows Steven to make a set of related AWS resources easily and use or provision them in an orderly manner so that he can spend less time managing resources and more time on the applications that run in the AWS environment?
Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to perform penetration testing to evaluate the security across virtual machines, installed apps, and OSes in the cloud environment, including conducting various security assessment steps against risks specific to the cloud that could expose them to serious threats. Which of the following cloud computing service models does not allow cloud penetration testing (CPEN) to Jerry?
Teresa Ruiz works as a cloud security engineer in an IT company. In January 2021, the data deployed by her in the cloud environment was corrupted, which caused a tremendous loss to her organization. Therefore, her organization changed its cloud service provider. After deploying the workload and data in the new service provider's cloud environment, Teresa backed up the entire data of her organization. A new employee, Barbara Houston, who recently joined Teresa's organization as a cloud security engineer, only backed up those files that changed since the last executed backup. Which type of backup was performed by Barbara in the cloud?
Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication. How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?

Question 91

Report
Export
Collapse

The organization TechWorld Ltd. used cloud for its business. It operates from an EU country (Poland and Greece). Currently, the organization gathers and processes the data of only EU users. Once, the organization experienced a severe security breach, resulting in loss of critical user data. In such a case, along with its cloud service provider, the organization should be held responsible for non-compliance or breaches. Under which cloud compliance framework will the company and cloud provider be penalized?

A.
GDPR
A.
GDPR
Answers
B.
NIST
B.
NIST
Answers
C.
ITAR
C.
ITAR
Answers
D.
HIPAA
D.
HIPAA
Answers
Suggested answer: A

Explanation:

1.GDPR: The General Data Protection Regulation (GDPR) is the primary law regulating how companies protect EU citizens' personal data1.

1.Applicability: GDPR applies to all organizations operating within the EU, as well as organizations outside of the EU that offer goods or services to customers or businesses in the EU1.

1.Data Breaches: In the event of a data breach, organizations are required to notify the appropriate data protection authority within 72 hours, if feasible, after becoming aware of the breach2.

1.Penalties: Organizations that do not comply with GDPR can face hefty fines. For serious infringements, GDPR states that companies can be fined up to 4% of their annual global turnover or 20 million (whichever is greater)1.

1.Responsibility: Both the data controller and the processor will be held responsible for not adhering to the GDPR rules, which includes security breaches resulting in the loss of user data1.

GDPR Info on fines and penalties1.

EDPB Guidelines on personal data breach notification under GDPR2.

Question 92

Report
Export
Collapse

On database system of a hospital maintains rarely-accessed patients' data such as medical records including high-resolution images of ultrasound reports, MRI scans, and X-Ray reports for years. These records occupy a lot of space and need to be kept safe as it contains sensitive medical data. Which of the following Azure storage services best suitable for such rarely-accessed data with flexible latency requirement?

A.
Azure Backup: Restore-as-a-Service
A.
Azure Backup: Restore-as-a-Service
Answers
B.
Azure File Sync
B.
Azure File Sync
Answers
C.
Azure Archive Storage
C.
Azure Archive Storage
Answers
D.
Azure Recovery Services Vault
D.
Azure Recovery Services Vault
Answers
Suggested answer: C

Explanation:

1.Data Characteristics: The hospital's database system contains rarely-accessed, sensitive medical records, including high-resolution images, which require secure and cost-effective long-term storage1.

1.Azure Archive Storage: Azure Archive Storage is designed for data that is rarely accessed and has flexible latency requirements. It offers a cost-effective solution for storing large volumes of data that does not need to be accessed frequently1.

1.Security and Compliance: Azure Archive Storage provides secure storage for sensitive medical data, ensuring compliance with healthcare regulations such as HIPAA and GDPR1.

1.Cost Efficiency: By using Azure Archive Storage, the hospital can significantly reduce storage costs compared to storing data on higher-performance tiers that are intended for frequently accessed data1.

1.Exclusion of Other Options: Azure Backup and Azure Recovery Services Vault are primarily used for backup and disaster recovery, not for archiving. Azure File Sync is used for syncing files across multiple locations and is not optimized for archival purposes1.

Microsoft Azure's official page on Azure Archive Storage1.

Question 93

Report
Export
Collapse

Chris Noth has been working as a senior cloud security engineer in CloudAppSec Private Ltd. His organization has selected a DRaaS (Disaster Recovery as a Service) company to provide a disaster recovery site that is fault tolerant and consists of fully redundant equipment with network connectivity and real-time data synchronization. Thus, if a disaster strikes Chris' organization, failover can be performed to the disaster recovery site with minimal downtime and zero data loss. Based on the given information, which disaster recovery site is provided by the DRaaS company to Chris' organization?

A.
Hot Site
A.
Hot Site
Answers
B.
Cold Site
B.
Cold Site
Answers
C.
Remote site
C.
Remote site
Answers
D.
Warm Site
D.
Warm Site
Answers
Suggested answer: A

Explanation:

1.Disaster Recovery as a Service (DRaaS): DRaaS is a third-party service that provides organizations with a secondary site infrastructure, which employs cloud computing for application and data recovery from synchronous or asynchronous replication1.

1.Fault Tolerance and Redundancy: A fault-tolerant disaster recovery site with fully redundant equipment ensures that all critical systems and components have backups ready to take over in case of failure1.

1.Real-Time Data Synchronization: This feature ensures that data is continuously mirrored to the disaster recovery site, allowing for real-time recovery and zero data loss during failover1.

1.Hot Site: A hot site is a fully operational offsite data center equipped with hardware and software, network connectivity, and real-time data synchronization. It is ready to assume operation at a moment's notice, which aligns with the description provided1.

1.Minimal Downtime: The use of a hot site allows for minimal downtime during a disaster, as the site is already running and can take over immediately without the need to set up or configure equipment1.

Flexential's explanation of Disaster Recovery as a Service (DRaaS)1.

Question 94

Report
Export
Collapse

Richard Roxburgh works as a cloud security engineer in an IT company. His organization was dissatisfied with the services of its previous cloud service provider. Therefore, in January 2020, his organization adopted AWS cloud-based services and shifted all workloads and data in the AWS cloud. Richard wants to provide complete security to the hosted applications before deployment and while running in the AWS ecosystem. Which of the following automated security assessment services provided by AWS can be used by Richard to improve application security and check the application for any type of vulnerability or deviation from the best practices automatically?

A.
AWS CloudFormation
A.
AWS CloudFormation
Answers
B.
Amazon Inspector
B.
Amazon Inspector
Answers
C.
AWS Control Tower
C.
AWS Control Tower
Answers
D.
Amazon CloudFront
D.
Amazon CloudFront
Answers
Suggested answer: B

Explanation:

1.Amazon Inspector: It is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS1.

1.Automated Scans: Amazon Inspector automatically scans workloads, such as Amazon EC2 instances, containers, and Lambda functions, for vulnerabilities and unintended network exposure1.

1.Security Best Practices: It checks for deviations from best practices and provides detailed findings that include information about the nature of the threat, the affected resources, and recommendations for remediation1.

1.Integration with AWS: As an AWS-native service, Amazon Inspector is well-integrated into the AWS ecosystem, making it suitable for Richard's requirements to secure applications before deployment and while running1.

1.Exclusion of Other Options: AWS CloudFormation is used for infrastructure as code, AWS Control Tower for governance, and Amazon CloudFront for content delivery, none of which are automated security assessment services1.

AWS's official page on Amazon Inspector1.

Question 95

Report
Export
Collapse

TechnoSoft Pvt. Ltd. is a BPO company that provides 24 * 7 customer service. To secure the organizational data and applications from adversaries, the organization adopted cloud computing. The security team observed that the employees are browsing restricted and inappropriate web pages. Which of the following techniques will help the security team of TechnoSoft Pvt. Ltd. in preventing the employees from accessing restricted or inappropriate web pages?

A.
Data Loss Prevention (DLP)
A.
Data Loss Prevention (DLP)
Answers
B.
Cloud access security broker (CASB)
B.
Cloud access security broker (CASB)
Answers
C.
Geo-Filtering
C.
Geo-Filtering
Answers
D.
URL filtering
D.
URL filtering
Answers
Suggested answer: D

Explanation:

To prevent employees from accessing restricted or inappropriate web pages, the security team of TechnoSoft Pvt. Ltd. should implement URL filtering.

1.URL Filtering: This technique involves blocking access to specific URLs or websites based on a defined set of rules or categories. It is used to enforce web browsing policies and prevent access to sites that are not permitted in the workplace.

1.Implementation:

oPolicy Definition: The security team defines policies that categorize websites and determine which categories should be blocked.

oFiltering Solution: A URL filtering solution is deployed, which can be part of a firewall, a secure web gateway, or a standalone system.

oEnforcement: The URL filter enforces the policies by inspecting web requests and allowing or blocking access based on the URL's classification.

1.Benefits of URL Filtering:

oControl Web Access: Helps control employee web usage by preventing access to non-work-related or inappropriate sites.

oEnhance Security: Reduces the risk of exposure to web-based threats such as phishing, malware, and other malicious content.

oCompliance: Assists in maintaining compliance with organizational policies and regulatory requirements.

Best Practices for Implementing Web Filtering and Monitoring.

Guide to URL Filtering Solutions for Enterprise Security.


Question 96

Report
Export
Collapse

Chris Noth has recently joined CloudAppSec Private Ltd. as a cloud security engineer. Owing to several instances of malicious activities performed by former employees on his organization's applications and data that reside in an on-premises environment, in 2010, his organization adopted cloud computing and migrated all applications and data to the cloud. Chris would like to manage user identities in cloud-based services and applications. Moreover, he wants to reduce the risk caused by the accounts of former users (employees) by ensuring that the users who leave the system can no longer log in to the system. Therefore, he has enforced an IAM standard that can automate the provisioning and de-provisioning of users when they enter and leave the system. Which of the following IAM standards is implemented by Chris Noth?

A.
SCIM
A.
SCIM
Answers
B.
XACML
B.
XACML
Answers
C.
OpenID
C.
OpenID
Answers
D.
OAuth
D.
OAuth
Answers
Suggested answer: A

Explanation:

Chris Noth is looking to manage user identities and automate the provisioning and de-provisioning of users in cloud-based services and applications. The IAM standard that supports this functionality is SCIM (System for Cross-domain Identity Management).

1.SCIM Overview: SCIM is an open standard designed to manage user identity information across different domains. It simplifies user management in cloud-based applications and services by allowing for automated user provisioning and de-provisioning1.

1.Automated Provisioning: With SCIM, when new users are added to an organization's system, their identities can be automatically provisioned across various cloud services without manual intervention1.

1.Automated De-provisioning: Similarly, when users leave the organization or their roles change, SCIM can ensure that their access is automatically revoked or adjusted across all connected services. This reduces the risk of former employees retaining access to sensitive systems and data1.

1.Why Not the Others?:

oXACML (eXtensible Access Control Markup Language) is used for defining access control policies, not for identity provisioning.

oOpenID is an authentication standard that allows users to be authenticated by certain co-operating sites using a third-party service, without the need for passwords.

oOAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

MajorKey Tech: What is Provisioning and De-provisioning in IAM1.

SailPoint: What is automated provisioning?2.

Nestmeter: Streamlining Security: User Provisioning and Deprovisioning with IAM3.

Question 97

Report
Export
Collapse

Cosmic IT Services wants to migrate to cloud computing. Before migrating to the cloud, the organization must set business goals for cloud computing as per the guidelines of a standard IT governance body. Which standard IT governance body can help the organization to set business goals and objectives for cloud computing by offering the IT governance named COBIT (Control Objective for Information and Related Technology)?

A.
International Standards Organization (ISO)
A.
International Standards Organization (ISO)
Answers
B.
Cloud Security Alliance (CSA)
B.
Cloud Security Alliance (CSA)
Answers
C.
Information System Audit and Control Association (ISACA)
C.
Information System Audit and Control Association (ISACA)
Answers
D.
Committee of Sponsoring Organizations (COSO)
D.
Committee of Sponsoring Organizations (COSO)
Answers
Suggested answer: C

Explanation:

Cosmic IT Services is looking to set business goals and objectives for cloud computing using the COBIT framework. The IT governance body that offers COBIT (Control Objectives for Information and Related Technology) is the Information System Audit and Control Association (ISACA).

1.COBIT Overview: COBIT is a framework for developing, implementing, monitoring, and improving IT governance and management practices. It is a comprehensive framework that aligns IT goals with business objectives1.

1.ISACA's Role: ISACA is the organization that developed and maintains the COBIT framework. It provides guidance, benchmarks, and other materials for managing and governing enterprise IT environments1.

1.Setting Business Goals: By utilizing COBIT, Cosmic IT Services can establish a structured approach to align IT processes with business goals, ensuring that their cloud computing initiatives support the overall objectives of the organization1.

1.Why Not the Others?:

oISO (International Standards Organization) develops and publishes a wide range of proprietary, industrial, and commercial standards, but it is not the governing body for COBIT.

oCSA (Cloud Security Alliance) specializes in best practices for security assurance within cloud computing, and while it provides valuable resources, it does not govern COBIT.

oCOSO (Committee of Sponsoring Organizations) focuses on internal control, enterprise risk management, and fraud deterrence, but does not offer COBIT.

ISACA: COBIT | Control Objectives for Information Technologies1.

CIO: What is COBIT? A framework for alignment and governance2.

ITSM Docs: IT Governance COBIT3.

Question 98

Report
Export
Collapse

Christina Hendricks recently joined an MNC as a cloud security engineer. Owing to robust provisions for storing an enormous quantity of data, security features, and cost-effective services offered by AWS, her organization migrated its applications and data from an on-premises environment to the AWS cloud. Christina's organization generates structured, unstructured, and semi-structured data. Christina's team leader asked her to store block-level data in AWS storage services. Which of the following AWS storage services should be used by Christina to store block-level data?

A.
Amazon EBS
A.
Amazon EBS
Answers
B.
Amazon Glacier
B.
Amazon Glacier
Answers
C.
Amazon EFS
C.
Amazon EFS
Answers
D.
Amazon S3
D.
Amazon S3
Answers
Suggested answer: A

Explanation:

1.Block-Level Storage: Block-level storage is a type of data storage typically used for storing file systems and handling raw storage volumes. It allows for individual management of data blocks1.

1.Amazon EBS: Amazon Elastic Block Store (Amazon EBS) provides high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale2.

1.Data Types: Amazon EBS is suitable for structured, unstructured, and semi-structured data, making it a versatile choice for Christina's organization's needs2.

1.Use Cases: Common use cases for Amazon EBS include databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows2.

1.Exclusion of Other Options: Amazon Glacier is for long-term archival storage, Amazon EFS is for file storage, and Amazon S3 is for object storage. These services do not provide block-level storage like Amazon EBS does3.

AWS's official page on Amazon EBS2.

AWS's explanation of block storage1.

Question 99

Report
Export
Collapse

Cindy Williams works as a cloud security engineer in an IT company located in Seattle, Washington. Owing to the cost-effective security, governance, and storage features provided by AWS, her organization adopted AWS cloud-based services. Cindy would like to detect any unusual activity in her organization's AWS account. She would like to obtain the event history of her organization's AWS account activity for security analysis and resource change tracking. Which of the following AWS service enables operational auditing, compliance, governance, and risk auditing for her organization's AWS account?

A.
AWS CloudFormation
A.
AWS CloudFormation
Answers
B.
AWS Security Hub
B.
AWS Security Hub
Answers
C.
AWS Config
C.
AWS Config
Answers
D.
AWS CloudTrail
D.
AWS CloudTrail
Answers
Suggested answer: D

Explanation:

1.AWS CloudTrail: AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account1.

1.Event History: CloudTrail records actions taken by a user, role, or an AWS service as events. This includes actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs1.

1.Security Analysis: By providing a history of AWS account activity, CloudTrail enables security analysis and resource change tracking, which is essential for detecting unusual activities1.

1.Compliance: CloudTrail supports compliance by providing an immutable log of all the management events that occurred within the AWS account, which is crucial for audit trails1.

1.Operational Auditing: It allows organizations to conduct operational auditing by keeping track of user and API activity on AWS, which can be used to identify security incidents1.

AWS CloudTrail User Guide1.

Question 100

Report
Export
Collapse

Allen Smith works as a cloud security engineer in a multinational company. Using an intrusion detection system, the incident response team of this company identified that an attacker has been continuously attacking the organization's AWS services. The team leader asked Allen to track the changes made to AWS resources and perform security analysis. Which AWS service can provide the AWS API call history for AWS accounts, including calls made via the AWS Management Console or Command Line tools, AWS Software Development Kits, and other AWS services to Allen?

A.
Amazon CloudFront
A.
Amazon CloudFront
Answers
B.
AWS CloudFormation
B.
AWS CloudFormation
Answers
C.
Amazon CloudTrail
C.
Amazon CloudTrail
Answers
D.
Amazon CloudWatch
D.
Amazon CloudWatch
Answers
Suggested answer: C

Explanation:

1.Amazon CloudTrail: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account1.

1.API Call History: It provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services1.

1.Security Analysis: The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing1.

1.Operational Auditing: CloudTrail continuously monitors and logs account activity across all AWS services, including actions taken by a user, role, or AWS service1.

1.Compliance Auditing: CloudTrail logs provide detailed records of all API calls, which can be used to audit compliance with regulatory standards like HIPAA and PCI2.

AWS Security Hub documentation on CloudTrail controls1.

Medium article on exploring AWS CloudTrail2.

Total 125 questions
Go to page: of 13
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms