Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-40

EC-Council 312-40 Exam Questions
Certified Cloud Security Engineer (CCSE) (Page 4 )

Updated On: 24-Feb-2026
Page 4 of 31
PDF with 147 Questions

Colin Farrell works as a senior cloud security engineer in a healthcare company. His organization has migrated all workloads and data in a private cloud environment. An attacker used the cloud environment as a point to disrupt the business of Colin's organization. Using intrusion detection prevention systems, antivirus software, and log analyzers, Colin successfully detected the incident; however, a group of users were not able to avail the critical services provided by his organization. Based on the incident impact level classification scales, select the severity of the incident encountered by Colin's organization?

  1. High
  2. None
  3. Low
  4. Medium

Answer(s): A



Sam, a cloud admin, works for a technology company that uses Azure resources. Because Azure contains the resources of numerous organizations and several alerts are received timely, it is difficult for the technology company to identify risky resources, determine their owner, know whether they are needed, and know who pays for them. How can Sam organize resources to determine this information immediately?

  1. By using tags
  2. By setting up Azure Front Door
  3. By configuring workflow automation
  4. By using ASC Data Connector

Answer(s): A



Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication. How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?

  1. By allowing the virtual appliance to bypass the hypervisor and access the I/O card of the physical server directly
  2. By restricting the virtual appliance to bypass the hypervisor and access the I/O card of the physical server directly
  3. By restricting the virtual server to bypass the hypervisor and access the I/O card of the physical server directly
  4. By allowing the virtual server to bypass the hypervisor and access the I/O card of the physical server directly

Answer(s): D

Explanation:

Virtual servers can face performance limitations due to the overhead introduced by the hypervisor in a virtualized environment. To improve data transfer performance and communication between virtual servers, Georgia can eliminate the data transfer capacity thresholds by allowing the virtual server to bypass the hypervisor and directly access the I/O card of the physical server. This technique is known as Single Root I/O Virtualization (SR-IOV), which allows virtual machines to directly access network interfaces, thereby reducing latency and improving throughput. Understanding SR-IOV: SR-IOV enables a network interface card (NIC) to appear as multiple separate physical devices to the virtual machines, allowing them to bypass the hypervisor. Performance Benefits: By bypassing the hypervisor, the virtual server can achieve near-native performance for network I/O, eliminating bottlenecks and improving data transfer rates. Implementation: This requires hardware support for SR-IOV and appropriate configuration in the hypervisor and virtual machines.

Reference
VMware SR-IOV
Intel SR-IOV Overview



A client wants to restrict access to its Google Cloud Platform (GCP) resources to a specified IP range by making a trust-list. Accordingly, the client limits GCP access to users in its organization network or grants company auditors access to a requested GCP resource only.
Which of the following GCP services can help the client?

  1. Cloud IDS
  2. VPC Service Controls
  3. Cloud Router
  4. Identity and Access Management

Answer(s): B

Explanation:

To restrict access to Google Cloud Platform (GCP) resources to a specified IP range, the client can use VPC Service Controls. VPC Service Controls provide additional security for data by allowing the creation of security perimeters around GCP resources to help mitigate data exfiltration risks. VPC Service Controls: This service allows the creation of secure perimeters to define and enforce security policies for GCP resources, restricting access to specific IP ranges. Trust-List Implementation: By using VPC Service Controls, the client can configure access policies that only allow access from trusted IP ranges, ensuring that only users within the specified network can access the resources.
Granular Access Control: VPC Service Controls can be used in conjunction with Identity and Access Management (IAM) to provide fine-grained access controls based on IP addresses and other conditions.
Reference
Google Cloud VPC Service Controls Overview

VPC Service Controls enable clients to define a security perimeter around Google Cloud Platform resources to control communication to and from those resources. By using VPC Service Controls, the client can restrict access to GCP resources to a specified IP range. Create a Service Perimeter: The client can create a service perimeter that includes the GCP resources they want to protect.
Define Access Levels: Within the service perimeter, the client can define access levels based on attributes such as IP address ranges.
Enforce Access Policies: Access policies are enforced, which restrict access to the resources within the service perimeter to only those requests that come from the specified IP range. Grant Access to Auditors: The client can grant access to company auditors by including their IP addresses in the allowed range.


Reference:

VPC Service Controls provide a way to secure sensitive data and enforce a perimeter around GCP resources. It is designed to prevent data exfiltration and manage access to services within the perimeter based on defined criteria, such as source IP address12. This makes it the appropriate service for the client's requirement to restrict access to a specified IP range.



SecureSoft IT Pvt. Ltd. is an IT company located in Charlotte, North Carolina, that develops software for the healthcare industry. The organization generates a tremendous amount of unorganized data such as video and audio files. Kurt recently joined SecureSoft IT Pvt. Ltd. as a cloud security engineer. He manages the organizational data using NoSQL databases. Based on the given information, which of the following data are being generated by Kurt's organization?

  1. Metadata
  2. Structured Data
  3. Unstructured Data
  4. Semi-Structured Data

Answer(s): C

Explanation:

The data generated by SecureSoft IT Pvt. Ltd., which includes video and audio files, is categorized as unstructured data. This is because it does not follow a specific format or structure that can be easily stored in traditional relational databases.
Understanding Unstructured Data: Unstructured data refers to information that either does not have a pre-defined data model or is not organized in a pre-defined manner. It includes formats like audio, video, and social media postings.
Role of NoSQL Databases: NoSQL databases are designed to store, manage, and retrieve unstructured data efficiently. They can handle a variety of data models, including document, graph, key-value, and wide-column stores.
Management of Data: As a cloud security engineer, Kurt's role involves managing this unstructured data using NoSQL databases, which provide the flexibility required for such diverse data types. Significance in Healthcare: In the healthcare industry, unstructured data is particularly prevalent due to the vast amounts of patient information, medical records, imaging files, and other forms of data that do not fit neatly into tabular forms.


Reference:

Unstructured data is a common challenge in the IT sector, especially in fields like healthcare that generate large volumes of complex data. NoSQL databases offer a solution to manage this data effectively, providing scalability and flexibility. SecureSoft IT Pvt. Ltd.'s use of NoSQL databases aligns with industry practices for handling unstructured data efficiently.






Post your Comments and Discuss EC-Council 312-40 exam dumps with other Community members:

Join the 312-40 Discussion