Eccouncil 312-40 Certified Cloud Security Engineer (CCSE) Exam Practice Test

Page: 1 / 14
Total 147 questions
Question 1

Shannon Elizabeth works as a cloud security engineer in VicPro Soft Pvt. Ltd. Microsoft Azure provides all cloud-based services to her organization. Shannon created a resource group (ProdRes), and then created a virtual machine (myprodvm) in the resource group. On myprodvm virtual machine, she enabled JIT from the Azure Security Center dashboard. What will happen when Shannon enables JIT VM access?



Answer : B

When Shannon Elizabeth enables Just-In-Time (JIT) VM access on the myprodvm virtual machine from the Azure Security Center dashboard, the following happens:

Inbound Traffic Control: JIT VM access locks down the inbound traffic to the virtual machine.

Azure Firewall Rule: It creates a rule in the Azure firewall to control this inbound traffic, allowing access only when required and for a specified duration.

Enhanced Security: This approach minimizes exposure to potential attacks by reducing the time that the VM ports are open.


Azure Security Center Documentation: Just-In-Time VM Access

Microsoft Learn: Configure Just-In-Time VM Access in Azure

Question 2

The tech giant TSC uses cloud for its operations. As a cloud user, it should implement an effective risk management lifecycle to measure and monitor high and critical risks regularly. Additionally, TSC should define what exactly should be measured and the acceptable variance to ensure timely mitigated risks. In this case, which of the following can be used as a tool for cloud risk management?



Answer : D

The CSA CCM (Cloud Controls Matrix) Framework is a cybersecurity control framework for cloud computing, developed by the Cloud Security Alliance (CSA). It is designed to provide a structured and standardized set of security controls that help organizations assess the overall security posture of their cloud infrastructure and services.

Here's how the CSA CCM Framework serves as a tool for cloud risk management:

Comprehensive Controls: The CCM consists of 197 control objectives structured in 17 domains covering all key aspects of cloud technology.

Risk Assessment: It can be used for the systematic assessment of a cloud implementation, providing guidance on which security controls should be implemented.

Alignment with Standards: The controls framework is aligned with the CSA Security Guidance for Cloud Computing and other industry-accepted security standards and regulations.

Shared Responsibility Model: The CCM clarifies the shared responsibility model between cloud service providers (CSPs) and customers (CSCs).

Monitoring and Measurement: The CCM includes metrics and implementation guidelines that help define what should be measured and the acceptable variance for risks.


CSA's official documentation on the Cloud Controls Matrix (CCM), which outlines its use as a tool for cloud risk management1.

An article providing a checklist for CSA's Cloud Controls Matrix v4, which discusses how it can be used for managing risk in cloud environments2.

Question 3

Colin Farrell works as a senior cloud security engineer in a healthcare company. His organization has migrated all workloads and data in a private cloud environment. An attacker used the cloud environment as a point to disrupt the business of Colin's organization. Using intrusion detection prevention systems, antivirus software, and log analyzers, Colin successfully detected the incident; however, a group of users were not able to avail the critical services provided by his organization. Based on the incident impact level classification scales, select the severity of the incident encountered by Colin's organization?



Answer : A


Question 4

Scott Herman works as a cloud security engineer in an IT company located in Ann Arbor, Michigan. His organization uses Office 365 Business Premium that provides Microsoft Teams, secure cloud storage, business email, premium Office applications across devices, advanced cyber threat protection, and device management.

Which of the following cloud computing service models does Microsoft Office 365 represent?



Answer : D

SaaS, or Software as a Service, is a cloud computing model where software applications are delivered over the internet. Users subscribe to the service rather than purchasing and installing software on individual devices. Microsoft Office 365 fits this model as it provides access to various applications such as Microsoft Teams, secure cloud storage, business email, and more through a subscription service. Users can access these services from any device, provided they have an internet connection.

Here's a breakdown of how Office 365 aligns with the SaaS model:

Subscription-Based: Office 365 operates on a subscription model, where users pay a recurring fee to use the service.

Cloud-Hosted Applications: The suite includes cloud-hosted versions of traditional Microsoft applications, as well as new tools like Microsoft Teams.

Managed by Provider: Microsoft manages the infrastructure, security, and updates for these applications, relieving users from these responsibilities.

Accessible from Anywhere: As a cloud service, Office 365 can be accessed from anywhere, on any device with internet connectivity.

Business Services: It includes business services like email and device management, which are typical features of SaaS offerings.


Microsoft's description of Office 365 as a cloud-based service1.

Microsoft Azure's definition of SaaS, mentioning Office 365 as an example2.

Microsoft support page explaining Microsoft 365 as a subscription service3.

Question 5

Richard Harris works as a senior cloud security engineer in a multinational company. His organization uses Microsoft Azure cloud-based services. Richard would like to manage, control, and monitor the access to important resources in his organization. Which service in Azure AD can enable Richard to manage, control, and monitor the access to resources in Azure. Azure AD. and other Microsoft online services such as Microsoft Intune or Microsoft 365?



Answer : A


Question 6

VenturiaCloud is a cloud service provider that offers robust and cost-effective cloud-based services to cloud consumers. The organization became a victim of a cybersecurity attack. An attacker performed a DDoS attack over the cloud that caused failure in the entire cloud environment. VenturiaCloud conducted a forensics investigation. Who among the following are the first line of defense against cloud security attacks with their primary role being responding against any type of security incident immediately?



Answer : D

Incident Handlers are typically the first line of defense against cloud security attacks, with their primary role being to respond immediately to any type of security incident. In the context of a cybersecurity attack such as a DDoS (Distributed Denial of Service), incident handlers are responsible for the initial response, which includes identifying, managing, recording, and analyzing security threats or incidents in real-time.

Here's how Incident Handlers function as the first line of defense:

Immediate Response: They are trained to respond quickly to security incidents to minimize impact and manage the situation.

Incident Analysis: Incident Handlers analyze the nature and scope of the incident, including the type of attack and its origin.

Mitigation Strategies: They implement strategies to mitigate the attack, such as rerouting traffic or isolating affected systems.

Communication: They communicate with relevant stakeholders, including IT professionals, management, and possibly law enforcement.

Forensics and Recovery: After an attack, they work on forensics to understand how the breach occurred and on recovery processes to restore services.


An ISACA journal article discussing the roles of various functions in information security, highlighting the first line of defense1.

An Australian Cyber Security Magazine article emphasizing the importance of identity and access management (IAM) as the first line of defense in securing the cloud2.

Question 7

Kevin Ryan has been working as a cloud security engineer over the past 2 years in a multinational company, which uses AWS-based cloud services. He launched an EC2 instance with Amazon Linux AMI. By disabling password-based remote logins, Kevin wants to eliminate all possible loopholes through which an attacker can exploit a user account remotely. To disable password-based remote logins, using the text editor, Kevin opened the /etc/ssh/sshd_config file and found the #PermitRootLogin yes line. Which of the following command lines should Kevin use to change the #PermitRootLogin yes line to disable password-based remote logins?



Answer : A

To disable password-based remote logins for the root account on an EC2 instance running Amazon Linux AMI, Kevin should modify the SSH configuration as follows:

Open SSH Configuration: Using a text editor, open the /etc/ssh/sshd_config file.

Find PermitRootLogin Directive: Locate the line #PermitRootLogin yes. The # indicates that the line is commented out.

Modify the Directive: Change the line to PermitRootLogin without-password. This setting allows root login using authentication methods other than passwords, such as SSH keys, while disabling password-based root logins.

Save and Close: Save the changes to the sshd_config file and exit the text editor.

Restart SSH Service: To apply the changes, restart the SSH service by running sudo service sshd restart or sudo systemctl restart sshd, depending on the system's init system.

Reference: The PermitRootLogin without-password directive in the SSH configuration file is used to enhance security by preventing password-based authentication for the root user, which is a common target for brute force attacks. Instead, it requires more secure methods like SSH key pairs for authentication. This change is part of best practices for securing SSH access to Linux servers.


Page:    1 / 14   
Total 147 questions