Home / ECCouncil / 312-40

Question list

List of questions

Question 1

(0)

A security incident has occurred within an organization's AWS environment. A cloud forensic investigation procedure is initiated for the acquisition of forensic evidence from the compromised EC2 ins

Question 2

(0)

The cloud administrator John was assigned a task to create a different subscription for each division of his organization. He has to ensure all the subscriptions are linked to a single Azure AD tena

Question 3

(0)

An organization is developing a new AWS multitier web application with complex queries and table joins. However, because the organization is small with limited staff, it requires high availability.

Question 4

(0)

Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to pe

Question 5

(0)

In a tech organization's cloud environment, an adversary can rent thousands of VM instances for launching a DDoS attack. The criminal can also keep secret documents such as terrorist and illegal mon

Question 6

(0)

Scott Herman works as a cloud security engineer in an IT company. His organization has deployed a 3-tier web application in the same Google Cloud Virtual Private Cloud. Each tier (web interface (UI)

Question 7

(0)

VenturiaCloud is a cloud service provider that offers robust and cost-effective cloud-based services to cloud consumers. The organization became a victim of a cybersecurity attack. An attacker perfo

Question 8

(0)

Sandra, who works for SecAppSol Technologies, is on a vacation. Her boss asked her to solve an urgent issue in an application. Sandra had to use applications present on her office laptop to solve th

Question 9

(0)

Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync diff

Question 10

(0)

Rick Warren has been working as a cloud security engineer in an IT company for the past 4 years. Owing to the robust security features and various cost-effective services offered by AWS, in 2010, hi

Related questions

The TCK Bank adopts cloud for storing the private data of its customers. The bank usually explains its information sharing practices to its customers and safeguards sensitive data. However, there exist some security loopholes in its information sharing practices. Therefore, hackers could steal the critical data of the bank's customers. In this situation, under which cloud compliance framework will the bank be penalized?

An organization is developing a new AWS multitier web application with complex queries and table joins. However, because the organization is small with limited staff, it requires high availability. Which of the following Amazon services is suitable for the requirements of the organization?

Kenneth Danziger has been working as a cloud security engineer in a multinational company. His organization uses AWS cloud-based services. Kenneth would like to review the changes in configuration and the relationships between AWS resources, examine the detailed resource configuration history, and determine the overall compliance of his organization against the configurations specified in internal guidelines. Which of the following AWS services enables Kenneth to assess, audit, and evaluate the configuration of AWS resources?

A cloud organization, AZS, wants to maintain homogeneity in its cloud operations because the CPU speed measured by AZS varies and the measurement units lack consistency in the standards. For example, AWS defines the CPU speed with Elastic Compute Unit, Google with Google Compute Engine Unit, and Microsoft with clock speed. Here, which cloud computing standard can leverage frameworks and architectures specific to the cloud for maintaining homogeneity in operations?

Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync different types of logs generated by Azure resources with Azure services for better monitoring. Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?

YourTrustedCloud is a cloud service provider that provides cloud-based services to several multinational companies. The organization adheres to various frameworks and standards. YourTrustedCloud stores and processes credit card and payment-related data in the cloud environment and ensures the security of transactions and the credit card processing system. Based on the given information, which of the following standards does YourTrustedCloud adhere to?

Steven Smith has been working as a cloud security engineer in an MNC for the past 4 years. His organization uses AWS cloud-based services. Steven handles a complex application on AWS that has several resources and it is difficult for him to manage these resources. Which of the following AWS services allows Steven to make a set of related AWS resources easily and use or provision them in an orderly manner so that he can spend less time managing resources and more time on the applications that run in the AWS environment?

Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to perform penetration testing to evaluate the security across virtual machines, installed apps, and OSes in the cloud environment, including conducting various security assessment steps against risks specific to the cloud that could expose them to serious threats. Which of the following cloud computing service models does not allow cloud penetration testing (CPEN) to Jerry?

Teresa Ruiz works as a cloud security engineer in an IT company. In January 2021, the data deployed by her in the cloud environment was corrupted, which caused a tremendous loss to her organization. Therefore, her organization changed its cloud service provider. After deploying the workload and data in the new service provider's cloud environment, Teresa backed up the entire data of her organization. A new employee, Barbara Houston, who recently joined Teresa's organization as a cloud security engineer, only backed up those files that changed since the last executed backup. Which type of backup was performed by Barbara in the cloud?

Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication. How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?

Question 44 - 312-40 discussion

A client wants to restrict access to its Google Cloud Platform (GCP) resources to a specified IP range by making a trust-list. Accordingly, the client limits GCP access to users in its organization network or grants company auditors access to a requested GCP resource only. Which of the following GCP services can help the client?

Cloud IDS

VPC Service Controls

Cloud Router

Identity and Access Management

Suggested answer: B

Explanation:

To restrict access to Google Cloud Platform (GCP) resources to a specified IP range, the client can use VPC Service Controls. VPC Service Controls provide additional security for data by allowing the creation of security perimeters around GCP resources to help mitigate data exfiltration risks.

1.VPC Service Controls: This service allows the creation of secure perimeters to define and enforce security policies for GCP resources, restricting access to specific IP ranges.

1.Trust-List Implementation: By using VPC Service Controls, the client can configure access policies that only allow access from trusted IP ranges, ensuring that only users within the specified network can access the resources.

1.Granular Access Control: VPC Service Controls can be used in conjunction with Identity and Access Management (IAM) to provide fine-grained access controls based on IP addresses and other conditions.

Reference

Google Cloud VPC Service Controls Overview

VPC Service Controls enable clients to define a security perimeter around Google Cloud Platform resources to control communication to and from those resources. By using VPC Service Controls, the client can restrict access to GCP resources to a specified IP range.

1.Create a Service Perimeter: The client can create a service perimeter that includes the GCP resources they want to protect.

1.Define Access Levels: Within the service perimeter, the client can define access levels based on attributes such as IP address ranges.

1.Enforce Access Policies: Access policies are enforced, which restrict access to the resources within the service perimeter to only those requests that come from the specified IP range.

1.Grant Access to Auditors: The client can grant access to company auditors by including their IP addresses in the allowed range.

Reference: VPC Service Controls provide a way to secure sensitive data and enforce a perimeter around GCP resources. It is designed to prevent data exfiltration and manage access to services within the perimeter based on defined criteria, such as source IP address12. This makes it the appropriate service for the client's requirement to restrict access to a specified IP range.

Show Answer

asked 18/09/2024

Amar Lojo

30 questions

Your answer: A B C D

0 comments

Sorted by