ECCouncil 312-40 - Certified Cloud Security Engineer Exam
Page: 2 / 25
Total 125 questions
Question #6 (Topic: Exam A)
Kelsey Lewis has been working as a cloud security engineer in a BPO company that provides 24 × 7 customer service. Owing to the cost-effective storage and security features provided by cloud computing, her organization adopted the cloud environment 4 years ago. Kelsey implemented the TLS protocol to provide security to e-mail communications, voice over IP (VoIP) communication, web traffic, messaging clients, file transfers, and internet services (Domain Name Service (DNS) and Network Time Protocol (NTP)). Which certificate is used by TLS for communication authentication and encryption between hosts?
A. X.507 certificates issued by the Certificate Authority
B. X.508 certificates issued by the Certificate Authority
C. X.506 certificate issued by the Certificate Authority
D. X.509 certificates issued by the Certificate Authority
Answer: D
Question #7 (Topic: Exam A)
Tom Holland works as a cloud security engineer in an IT company located in Lansing, Michigan. His organization has adopted cloud-based services wherein user access, application, and data security are the responsibilities of the organization, and the OS, hypervisor, physical, infrastructure, and network security are the responsibilities of the cloud service provider. Based on the aforementioned cloud security shared responsibilities, which of the following cloud computing service models is enforced in Tom’s organization?
A. Software-as-a-Service
B. On-Premises
C. Infrastructure-as-a-Service
D. Platform-as-a-Service
Answer: C
Question #8 (Topic: Exam A)
An organization, PARADIGM PlayStation, moved its infrastructure to a cloud as a security practice. It established an incident response team to monitor the hosted websites for security issues. While examining network access logs using SIEM, the incident response team came across some incidents that suggested that one of their websites was targeted by attackers and they successfully performed an SQL injection attack. Subsequently, the incident response team made the website and database server offline. In which of the following steps of the incident response lifecycle, the incident team determined to make that decision?
A. Containment
B. Analysis
C. Coordination and information sharing
D. Post-mortem
Answer: A
Question #9 (Topic: Exam A)
Global CloudEnv is a cloud service provider that provides various cloud-based services to cloud consumers. The cloud service provider adheres to the framework that can be used as a tool to systematically assess cloud implementation by providing guidance on the security controls that should be implemented by specific actors within the cloud supply chain. It is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. Based on the given information, which of the following cybersecurity control frameworks does Global CloudEnv adhere to?
A. CDMI
B. CSA CAIQ
C. CSA CCM
D. ITU-T X.1601
Answer: C
Question #10 (Topic: Exam A)
Global SoftTechSol is a multinational company that provides customized software solutions and services to various clients located in different countries. It uses a public cloud to host its applications and services. Global SoftTechSol uses Cloud Debugger to inspect the current state of a running application in real-time, find bugs, and understand the behavior of the code in production. Identify the service provider that provides the Cloud Debugger feature to Global SoftTechSol?
A. Google
B. IBM
C. Azure
D. AWS
Answer: A
