ExamGecko
Search Search Login
Home Home / ECCouncil / 312-40

ECCouncil 312-40 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The TCK Bank adopts cloud for storing the private data of its customers. The bank usually explains its information sharing practices to its customers and safeguards sensitive data. However, there exist some security loopholes in its information sharing practices. Therefore, hackers could steal the critical data of the bank's customers. In this situation, under which cloud compliance framework will the bank be penalized?
An organization is developing a new AWS multitier web application with complex queries and table joins. However, because the organization is small with limited staff, it requires high availability. Which of the following Amazon services is suitable for the requirements of the organization?
Kenneth Danziger has been working as a cloud security engineer in a multinational company. His organization uses AWS cloud-based services. Kenneth would like to review the changes in configuration and the relationships between AWS resources, examine the detailed resource configuration history, and determine the overall compliance of his organization against the configurations specified in internal guidelines. Which of the following AWS services enables Kenneth to assess, audit, and evaluate the configuration of AWS resources?
A cloud organization, AZS, wants to maintain homogeneity in its cloud operations because the CPU speed measured by AZS varies and the measurement units lack consistency in the standards. For example, AWS defines the CPU speed with Elastic Compute Unit, Google with Google Compute Engine Unit, and Microsoft with clock speed. Here, which cloud computing standard can leverage frameworks and architectures specific to the cloud for maintaining homogeneity in operations?
Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync different types of logs generated by Azure resources with Azure services for better monitoring. Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?
YourTrustedCloud is a cloud service provider that provides cloud-based services to several multinational companies. The organization adheres to various frameworks and standards. YourTrustedCloud stores and processes credit card and payment-related data in the cloud environment and ensures the security of transactions and the credit card processing system. Based on the given information, which of the following standards does YourTrustedCloud adhere to?
Steven Smith has been working as a cloud security engineer in an MNC for the past 4 years. His organization uses AWS cloud-based services. Steven handles a complex application on AWS that has several resources and it is difficult for him to manage these resources. Which of the following AWS services allows Steven to make a set of related AWS resources easily and use or provision them in an orderly manner so that he can spend less time managing resources and more time on the applications that run in the AWS environment?
Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to perform penetration testing to evaluate the security across virtual machines, installed apps, and OSes in the cloud environment, including conducting various security assessment steps against risks specific to the cloud that could expose them to serious threats. Which of the following cloud computing service models does not allow cloud penetration testing (CPEN) to Jerry?
Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication. How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?
Scott Herman works as a cloud security engineer in an IT company. His organization has deployed a 3-tier web application in the same Google Cloud Virtual Private Cloud. Each tier (web interface (UI), API, and database) is scaled independently of others. Scott Herman obtained a requirement that the network traffic should always access the database using the API and any request coming directly from the web interface to the database should not be allowed. How should Scott configure the network with minimal steps?

Question 31

Report
Export
Collapse

Ray Nicholson works as a senior cloud security engineer in TerraCloud Sec Pvt. Ltd. His organization deployed all applications in a cloud environment in various virtual machines. Using IDS, Ray identified that an attacker compromised a particular VM. He would like to limit the scope of the incident and protect other resources in the cloud. If Ray turns off the VM, what will happen?

A.
The data required to be investigated will be lost
A.
The data required to be investigated will be lost
Answers
B.
The data required to be investigated will be recovered
B.
The data required to be investigated will be recovered
Answers
C.
The data required to be investigated will be stored in the VHD
C.
The data required to be investigated will be stored in the VHD
Answers
D.
The data required to be investigated will be saved
D.
The data required to be investigated will be saved
Answers
Suggested answer: A

Explanation:

When Ray Nicholson, the senior cloud security engineer, identifies that an attacker has compromised a particular virtual machine (VM) using an Intrusion Detection System (IDS), his priority is to limit the scope of the incident and protect other resources in the cloud environment. Turning off the compromised VM may seem like an immediate protective action, but it has significant implications:

1.Shutdown Impact: When a VM is turned off, its current state and all volatile data in the RAM are lost. This includes any data that might be crucial for forensic analysis, such as the attacker's tools and running processes.

1.Forensic Data Loss: Critical evidence needed for a thorough investigation, such as memory dumps, active network connections, and ephemeral data, will no longer be accessible.

1.Data Persistence: While some data is stored in the Virtual Hard Disk (VHD), not all of the forensic data can be retrieved from the disk image alone. Live analysis often provides insights that cannot be captured from static data.

Thus, by turning off the VM, Ray risks losing essential forensic data that is necessary for a complete investigation into the incident.

1.NIST SP 800-86: Guide to Integrating Forensic Techniques into Incident Response

1.AWS Cloud Security Best Practices

1.Azure Security Documentation

Question 32

Report
Export
Collapse

An IT company uses two resource groups, named Production-group and Security-group, under the same subscription ID. Under the Production-group, a VM called Ubuntu18 is suspected to be compromised. As a forensic investigator, you need to take a snapshot (ubuntudisksnap) of the OS disk of the suspect virtual machine Ubuntu18 for further investigation and copy the snapshot to a storage account under Security-group.

Identify the next step in the investigation of the security incident in Azure?

A.
Copy the snapshot to file share
A.
Copy the snapshot to file share
Answers
B.
Generate shared access signature
B.
Generate shared access signature
Answers
C.
Create a backup copy of snapshot in a blob container
C.
Create a backup copy of snapshot in a blob container
Answers
D.
Mount the snapshot onto the forensic workstation
D.
Mount the snapshot onto the forensic workstation
Answers
Suggested answer: B

Explanation:

When an IT company suspects that a VM called Ubuntu18 in the Production-group has been compromised, it is essential to perform a forensic investigation. The process of taking a snapshot and ensuring its integrity and accessibility involves several steps:

1.Snapshot Creation: First, create a snapshot of the OS disk of the suspect VM, named ubuntudisksnap. This snapshot is a point-in-time copy of the VM's disk, ensuring that all data at that moment is captured.

1.Snapshot Security: Next, to transfer this snapshot securely to a storage account under the Security-group, a shared access signature (SAS) needs to be generated. A SAS provides delegated access to Azure storage resources without exposing the storage account keys.

1.Data Transfer: With the SAS token, the snapshot can be securely copied to a storage account in the Security-group. This method ensures that only authorized personnel can access the snapshot for further investigation.

1.Further Analysis: After copying the snapshot, it can be mounted onto a forensic workstation for detailed examination. This step involves examining the contents of the snapshot for any malicious activity or artifacts left by the attacker.

Generating a shared access signature is a critical step in ensuring that the snapshot can be securely accessed and transferred without compromising the integrity and security of the data.

1.Microsoft Azure Documentation on Shared Access Signatures (SAS)

1.Azure Security Best Practices and Patterns

1.Cloud Security Alliance (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing

Question 33

Report
Export
Collapse

The GCP environment of a company named Magnitude IT Solutions encountered a security incident. To respond to the incident, the Google Data Incident Response Team was divided based on the different aspects of the incident. Which member of the team has an authoritative knowledge of incidents and can be involved in different domains such as security, legal, product, and digital forensics?

A.
Operations Lead
A.
Operations Lead
Answers
B.
Subject Matter Experts
B.
Subject Matter Experts
Answers
C.
Incident Commander
C.
Incident Commander
Answers
D.
Communications Lead
D.
Communications Lead
Answers
Suggested answer: C

Explanation:

In the context of a security incident within the GCP environment of Magnitude IT Solutions, the Google Data Incident Response Team would be organized to address various aspects of the incident effectively. Among the team, the role with the authoritative knowledge of incidents and involvement in different domains such as security, legal, product, and digital forensics is the Incident Commander. Here's why:

1.Authority and Responsibility: The Incident Commander (IC) is typically responsible for the overall management of the incident response. This includes making critical decisions, coordinating the efforts of the entire response team, and ensuring that all aspects of the incident are addressed.

1.Cross-Functional Involvement: The IC has the expertise and authority to interact with various domains such as security (to understand and mitigate threats), legal (to ensure compliance and manage legal risks), product (to understand the impact on services), and digital forensics (to guide the investigation and evidence collection).

1.Leadership and Coordination: The IC leads the response effort, ensuring that all team members, including Subject Matter Experts (SMEs), Operations Leads, and Communications Leads, are working in sync and that the incident response plan is effectively executed.

1.Communication: The IC is the primary point of contact for internal and external stakeholders, ensuring clear and consistent communication about the status and actions being taken in response to the incident.

In summary, the Incident Commander is the central figure with the authoritative knowledge and cross-functional involvement necessary to manage a security incident comprehensively.

1.NIST SP 800-61 Revision 2: Computer Security Incident Handling Guide

1.Google Cloud Platform Incident Response and Management Guidelines

1.Cloud Security Alliance (CSA) Incident Response Framework

Question 34

Report
Export
Collapse

Jayson Smith works as a cloud security engineer in CloudWorld SecCo Pvt. Ltd. This is a third-party vendor that provides connectivity and transport services between cloud service providers and cloud consumers. Select the actor that describes CloudWorld SecCo Pvt. Ltd. based on the NIST cloud deployment reference architecture?

A.
Cloud Broker
A.
Cloud Broker
Answers
B.
Cloud Auditor
B.
Cloud Auditor
Answers
C.
Cloud Carrier
C.
Cloud Carrier
Answers
D.
Cloud Provider
D.
Cloud Provider
Answers
Suggested answer: C

Question 35

Report
Export
Collapse

Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage. How does the organization accomplish this?

A.
Using BigQuery column-level security
A.
Using BigQuery column-level security
Answers
B.
Using Signed Documents
B.
Using Signed Documents
Answers
C.
Using Signed URLs
C.
Using Signed URLs
Answers
D.
Using BigQuery row-level-security
D.
Using BigQuery row-level-security
Answers
Suggested answer: C

Question 36

Report
Export
Collapse

Daffod is an American cloud service provider that provides cloud-based services to customers worldwide.

Several customers are adopting the cloud services provided by Daffod because they are secure and cost-

effective. Daffod complies with the cloud computing law enacted in the US to realize the importance of information security in the economic and national security interests of the US. Based on the given information, which law order does Daffod adhere to?

A.
FERPA
A.
FERPA
Answers
B.
CLOUD
B.
CLOUD
Answers
C.
FISMA
C.
FISMA
Answers
D.
ECPA
D.
ECPA
Answers
Suggested answer: C

Explanation:

Daffod, as an American cloud service provider complying with the cloud computing law that emphasizes the importance of information security for economic and national security interests, adheres to the Federal Information Security Management Act (FISMA). Here's why:

1.FISMA Overview: FISMA is a US law enacted to protect government information, operations, and assets against natural or man-made threats.

1.Importance of Information Security: FISMA requires that all federal agencies develop, document, and implement an information security and protection program.

1.Relevance to Daffod: As Daffod complies with this law, it ensures that its cloud services are secure and adhere to national security standards, making it a trusted provider for secure and cost-effective cloud services.

1.NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations

1.Federal Information Security Modernization Act (FISMA)

Question 37

Report
Export
Collapse

Simon recently joined a multinational company as a cloud security engineer. Due to robust security services and products provided by AWS, his organization has been using AWS cloud-based services. Simon has launched an Amazon EC2 Linux instance to deploy an application. He would like to secure Linux AMI. Which of the following command should Simon run in the EC2 instance to disable user account passwords?

A.
passwd -D < USERNAME >
A.
passwd -D < USERNAME >
Answers
B.
passwd -I < USERNAME >
B.
passwd -I < USERNAME >
Answers
C.
passwd -d < USERNAME >
C.
passwd -d < USERNAME >
Answers
D.
passwd -L < USERNAME >
D.
passwd -L < USERNAME >
Answers
Suggested answer: D

Explanation:

To disable user account passwords on an Amazon EC2 Linux instance, Simon should use the command passwd -L <USERNAME>. Here's the detailed explanation:

1.passwd Command: The passwd command is used to update a user's authentication tokens (passwords).

1.-L Option: The -L option is used to lock the password of the specified user account, effectively disabling the password without deleting the user account itself.

1.Security Measure: Disabling passwords ensures that the user cannot authenticate using a password, thereby enhancing the security of the instance.

1.AWS Documentation: Securing Access to Amazon EC2 Instances

1.Linux man-pages: passwd(1)

Question 38

Report
Export
Collapse

An organization with resources on Google Cloud regularly backs up its service capabilities to ensure high availability and reduce the downtime when a zone or instance becomes unavailable owing to zonal outage or memory shortage in an instance. However, as protocol, the organization must frequently test whether these regular backups are configured. Which tool's high availability settings must be checked for this?

A.
MySQL Database
A.
MySQL Database
Answers
B.
Always on Availability Groups (AGs)
B.
Always on Availability Groups (AGs)
Answers
C.
SQL Server Database Mirroring (DBM)
C.
SQL Server Database Mirroring (DBM)
Answers
D.
Google Cloud SQL
D.
Google Cloud SQL
Answers
Suggested answer: D

Explanation:

For an organization with resources on Google Cloud that needs to ensure high availability and reduce downtime, the high availability settings of Google Cloud SQL should be checked. Here's the detailed explanation:

1.Google Cloud SQL Overview: Cloud SQL is a fully-managed relational database service for MySQL, PostgreSQL, and SQL Server. It provides high availability configurations and automated backups.

1.High Availability Configuration: Cloud SQL offers high availability through regional instances, which replicate data across multiple zones within a region to ensure redundancy.

1.Testing Backups: Regularly testing backups and their configurations ensures that the high availability settings are functioning correctly and that data recovery is possible in case of an outage.

1.Google Cloud SQL Documentation

1.High Availability and Disaster Recovery for Cloud SQL

Question 39

Report
Export
Collapse

Shannon Elizabeth works as a cloud security engineer in VicPro Soft Pvt. Ltd. Microsoft Azure provides all cloud-based services to her organization. Shannon created a resource group (ProdRes), and then created a virtual machine (myprodvm) in the resource group. On myprodvm virtual machine, she enabled JIT from the Azure Security Center dashboard. What will happen when Shannon enables JIT VM access?

A.
It locks down the inbound traffic from myprodvm by creating a rule in the network security group
A.
It locks down the inbound traffic from myprodvm by creating a rule in the network security group
Answers
B.
It locks down the inbound traffic to myprodvm by creating a rule in the Azure firewall
B.
It locks down the inbound traffic to myprodvm by creating a rule in the Azure firewall
Answers
C.
It locks down the outbound traffic from myprodvm by creating a rule in the network security group
C.
It locks down the outbound traffic from myprodvm by creating a rule in the network security group
Answers
D.
It locks down the outbound traffic to myprodvm by creating a rule in the Azure firewall
D.
It locks down the outbound traffic to myprodvm by creating a rule in the Azure firewall
Answers
Suggested answer: B

Explanation:

When Shannon Elizabeth enables Just-In-Time (JIT) VM access on the myprodvm virtual machine from the Azure Security Center dashboard, the following happens:

1.Inbound Traffic Control: JIT VM access locks down the inbound traffic to the virtual machine.

1.Azure Firewall Rule: It creates a rule in the Azure firewall to control this inbound traffic, allowing access only when required and for a specified duration.

1.Enhanced Security: This approach minimizes exposure to potential attacks by reducing the time that the VM ports are open.

1.Azure Security Center Documentation: Just-In-Time VM Access

1.Microsoft Learn: Configure Just-In-Time VM Access in Azure

Question 40

Report
Export
Collapse

William O'Neil works as a cloud security engineer in an IT company located in Tampa, Florida. To create an access key with normal user accounts, he would like to test whether it is possible to escalate privileges to obtain AWS administrator account access. Which of the following commands should William try to create a new user access key ID and secret key for a user?

A.
aws iam target_user -user-name create-access-key
A.
aws iam target_user -user-name create-access-key
Answers
B.
aws iam create-access-key -user-name target_user
B.
aws iam create-access-key -user-name target_user
Answers
C.
aws iam create-access-key target_user -user-name
C.
aws iam create-access-key target_user -user-name
Answers
D.
aws iam -user-name target_user create-access-key
D.
aws iam -user-name target_user create-access-key
Answers
Suggested answer: B
Total 125 questions
Go to page: of 13
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms