Advance Your Career by Using Online 312-40 Dumps

1. Ray Nicholson works as a senior cloud security engineer in TerraCloud Sec Pvt. Ltd. His organization deployed all applications in a cloud environment in various virtual machines. Using IDS, Ray identified that an attacker compromised a particular VM. He would like to limit the scope of the incident and protect other resources in the cloud.

If Ray turns off the VM, what will happen?

2. Assume you work for an IT company that collects user behavior data from an e-commerce web application. This data includes the user interactions with the applications, such as purchases, searches, saved items, etc. Capture this data, transform it into zip files, and load these massive volumes of zip files received from an application into Amazon S3.

Which AWS service would you use to do this?

3. InternSoft Solution Pvt. Ltd. is an IT company located in Boston, Massachusetts. The IT and InfoSec teams of the organization uses CASP to customize access rules and automate compliance policies. Using CASP solutions, they could access the account activities in the cloud, which makes it easy for them to achieve compliance, data security, and threat protection.

What is CASP?

4. Kevin Ryan has been working as a cloud security engineer over the past 2 years in a multinational company, which uses AWS-based cloud services. He launched an EC2 instance with Amazon Linux AMI. By disabling password-based remote logins, Kevin wants to eliminate all possible loopholes through which an attacker can exploit a user account remotely. To disable password-based remote logins, using the text editor, Kevin opened the /etc/ssh/sshd_config file and found the #PermitRootLogin yes line.

Which of the following command lines should Kevin use to change the #PermitRootLogin yes line to disable password-based remote logins?

5. The e-commerce platform www.evoucher.com observes overspending 15% to 30% due to unawareness of the mistakes in threat detection and security governance while using the services of its cloud provider AWS. It feels it requires a well-thought-out roadmap to improve its cloud journey.

How can the company accelerate its cloud journey with desired outcomes and business value?

6. Alex Hales works as a cloud security specialist in an IT company. He wants to make his organization's business faster and more efficient by implementing Security Assertion Mark-up Language (SAML) that will enable employees to securely access multiple cations with a single set of credentials.

What is SAML?

7. An organization wants to detect its hidden cloud infrastructure by auditing its cloud environment and resources such that it shuts down unused/unwanted workloads, saves money, minimizes security risks, and optimizes its cloud inventory. In this scenario, which standard is applicable for cloud security auditing that enables the management of customer data?

8. AWS runs 35+ instances that are all CentOS machines. Updating these machines manually is a time-intensive task that may lead to missed updates for some instances and create vulnerabilities.

Which of the following can be used to prevent each port of each instance from being opened to access the machine and install updates?

9. Shannon Elizabeth works as a cloud security engineer in VicPro Soft Pvt. Ltd. Microsoft Azure provides all cloud-based services to her organization. Shannon created a resource group (ProdRes), and then created a virtual machine (myprodvm) in the resource group. On myprodvm virtual machine, she enabled JIT from the Azure Security Center dashboard.

What will happen when Shannon enables JIT VM access?

10. The cloud administrator John was assigned a task to create a different subscription for each division of his organization. He has to ensure all the subscriptions are linked to a single Azure AD tenant and each subscription has identical role assignments.

Which Azure service will he make use of?

11. Coral IT Systems is a multinational company that consumes cloud services. As a cloud service consumer (CSC), the organization should perform activities such as selecting, monitoring, implementing, reporting, and securing the cloud services. The CSC and cloud service provider (CSP) have a business relationship in which the CSP delivers cloud services to the CSC.

Which cloud governance role is applicable to the organization?

12. Melissa George is a cloud security engineer in an IT company. Her organization has adopted cloud-based services. The integration of cloud services has become significantly complicated to be managed by her organization. Therefore, her organization requires a third-party to consult, mediate, and facilitate the selection of a solution.

Which of the following NIST cloud deployment reference architecture actors manages cloud service usage, performance, and delivery, and maintains the relationship between the CSPs and cloud consumers?

13. An organization wants to securely connect to the AWS environment with a speed of 20 Gbps directly through its data centers, branch offices, and colocation facilities to ensure that its customers can securely access public (objects stored in Amazon S3) and private (limited access features such as VPC) resources by bypassing the internet service providers in the path.

Which of the following AWS services can be helpful for the organization?

14. VenturiaCloud is a cloud service provider that offers robust and cost-effective cloud-based services to cloud consumers. The organization became a victim of a cybersecurity attack. An attacker performed a DDoS attack over the cloud that caused failure in the entire cloud environment. VenturiaCloud conducted a forensics investigation.

Who among the following are the first line of defense against cloud security attacks with their primary role being responding against any type of security incident immediately?

15. An AWS customer was targeted with a series of HTTPS DDoS attacks, believed to be the largest layer 7 DDoS reported to date. Starting around 10 AM ET on March 1, 2023, more than 15,500 requests per second (rps) began targeting the AWS customer's load balancer. After 10 min, the number of requests increased to 2,50,000 rps.

This attack resembled receiving the entire daily traffic in only 10s. An AWS service was used to sense and mitigate this DDoS attack as well as prevent bad bots and application vulnerabilities. Identify which of the following AWS services can accomplish this.

16. A cloud organization, AZS, wants to maintain homogeneity in its cloud operations because the CPU speed measured by AZS varies and the measurement units lack consistency in the standards. For example, AWS defines the CPU speed with Elastic Compute Unit, Google with Google Compute Engine Unit, and Microsoft with clock speed.

Here, which cloud computing standard can leverage frameworks and architectures specific to the cloud for maintaining homogeneity in operations?

17. Rebecca Mader has been working as a cloud security engineer in an IT company located in Detroit, Michigan. Her organization uses AWS cloud-based services. An application is launched by a developer on an EC2 instance that needs access to the S3 bucket (photos). Rebecca created a get-pics service role and attached it to the EC2 instance. This service role comprises a permission policy that allows read-only access to the S3 bucket and a trust policy that allows the instance to assume the role and retrieve temporary credentials. The application uses the temporary credentials of the role to access the photo bucket when it runs on the instance.

Does the developer need to share or manage credentials or does the admin need to grant permission to the developer to access the photo bucket?

18. Ocular Private Ltd. is an IT company that develops software related to graphic design. The organization has been using Google cloud services. Margot Robbie has been working as a cloud security engineer in Ocular Private Ltd. over the past three years. She uses the CCP Cloud Operations Suite (formerly Stack Driver} logging and monitoring tool to monitor and debug CCP hosted applications. Margot would like to monitor a compute engine instance with cloud monitoring; therefore, she created a compute engine instance, then she installed the cloud monitoring agent.

Which of the following command can Margot use to start the cloud monitoring agent?

19. You are the manager of a cloud-based security platform that offers critical services to government agencies and private companies. One morning, your team receives an alert from the platform's intrusion detection system indicating that there has been a potential breach in the system.

As the manager, which tool you will use for viewing and monitoring the sensitive data by scanning storage systems and reviewing the access rights to critical resources via a single centralized dashboard?

20. Rachel McAdams works as a senior cloud security engineer in a cloud service provider company. Owing to the robust services and security features provided by her organization, the number of cloud consumers continues to increase. To mee the increasing cloud consumer requirements, her organization decided to build more data centers. Therefore, Rachel's organization formed a new team to design and construct data centers. Rachel is also part of the team and was given the responsibility of designing the data center.

How can Racheal maintain a stable temperature in the HVAC unit?

21. QuickServ Solutions is an organization that wants to migrate to the cloud. It is in the phase of signing an agreement with a cloud vendor. For that, QuickServ Solutions must assess the current vendor procurement process to determine how the company can mitigate cloud-related risks.

How can the company accomplish that?

22. Thomas Gibson is a cloud security engineer who works in a multinational company. His organization wants to host critical elements of its applications; thus, if disaster strikes, applications can be restored quickly and completely. Moreover, his organization wants to achieve lower RTO and RPO values.

Which of the following disaster recovery approach should be adopted by Thomas' organization?

23. Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage.

How does the organization accomplish this?

24. Gabriel Bateman has been working as a cloud security engineer in an IT company for the past 5 years. Owing to the recent onset of the COVID-19 pandemic, his organization has given the provision to work from home to all employees. Gabriel's organization uses Microsoft Office 365 that allows all employees access files, emails, and other Office programs securely from various locations on multiple devices.

Who among the following is responsible for patch management in Microsoft Office 365?

25. Securelnfo Pvt. Ltd. has deployed all applications and data in the AWS cloud. The security team of this organization would like to examine the health of the organization's website regularly and switch (or failover) to a backup site if the primary website becomes unresponsive.

Which of the following AWS services can provide DNS failover capabilities and health checks to ensure the availability of the organization's website?

26. SeaCloud Soft Pvt. Ltd. is an IT company that develops software and applications related to the healthcare industry. To safeguard the data and applications against. The organization did not trust the cloud service attackers, the organization adopted cloud computing. provider; therefore, it Implemented an encryption technique that secures data during communication and storage. SeaCloud Soft Pvt. Ltd. performed computation on the encrypted data and then sent the data to the cloud service provider.

Based on the given information, which of the following encryption techniques was implemented by SeaCloud Soft Pvt. Ltd.?

27. Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication.

How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?

28. An organization wants to implement a zero-trust access model for its SaaS application on the GCP as well as its on-premises applications.

Which of the following GCP services can be used to eliminate the need for setting up a company-wide VPN and implement the RBAC feature to verify employee identities to access organizational applications?

29. Global CloudEnv is a cloud service provider that provides various cloud-based services to cloud consumers. The cloud service provider adheres to the framework that can be used as a tool to systematically assess cloud implementation by providing guidance on the security controls that should be implemented by specific actors within the cloud supply chain. It is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry.

Based on the given information, which of the following cybersecurity control frameworks does Global CloudEnv adhere to?

30. An Azure organization wants to enforce its on-premises AD security and password policies to filter brute-force attacks. Instead of using legacy authentication, the users should sign in to on-premises and cloud-based applications using the same passwords in Azure AD.

Which Azure AD feature can enable users to access Azure resources?

31. Jimmi Simpson has been working as a cloud security engineer in an IT company situated in Uvonia. Michigan. His organization uses Microsoft Azure's cloud-based services. Jimml wants a cloud-based, scalable SIEM and SOAP solution that uses threat intelligence and provides intelligent security analytics across his organization.

Which of the following Microsoft Azure services provides of single solution for threat visibility, alert detection, threat response, and proactive hunting that reduces the number of attacks, provides a birds-eye view across the organization, generates high volumes of alerts, and ensures long resolution time frames?

32. Andrew Gerrard has been working as a cloud security engineer in an MNC for the past 3 years. His organization uses cloud-based services and it has implemented a DR plan. Andrew wants to ensure that the DR plan works efficiently and his organization can recover and continue with its normal operation when a disaster strikes.

Therefore, the owner of the DR plan, Andrew, and other team members involved in the development and implementation of the DR plan examined it to determine the inconsistencies and missing elements. Based on the given scenario, which of the following type of DR testing was performed in Andrew's organization?

33. IntSecureSoft Solutions Pvt. Ltd. is an IT company that develops software and applications for various educational institutions. The organization has been using Google cloud services for the past 10 years. Tara Reid works as a cloud security engineer in IntSecureSoft Solutions Pvt. Ltd. She would like to identify various misconfigurations and vulnerabilities such as open storage buckets, instances that have not implemented SSL, and resources without an enabled Web UI.

Which of the following is a native scanner in the Security Command Center that assesses the overall security state and activity of virtual machines, containers, network, and storage along with the identity and access management policies?

34. Samuel Jackson has been working as a cloud security engineer for the past 12 years in VolkSec Pvt. Ltd., whose applications are hosted in a private cloud. Owing to the increased number of users for its services, the organizations is finding it difficult to manage the on-premises data center. To overcome scalability and data storage issues, Samuel advised the management of his organization to migrate to a public cloud and shift the applications and data. Once the suggestion to migrate to public cloud was accepted by the management, Samuel was asked to select a cloud service provider. After extensive research on the available public cloud service providers, Samuel made his recommendation. Within a short period, Samuel along with his team successfully transferred all applications and data to the public cloud. Samuel's team would like to configure and maintain the platform, infrastructure, and applications in the new cloud computing environment.

Which component of a cloud platform and infrastructure provides tools and interfaces to Samuel's team for configuring and maintaining the platform, infrastructure, and application?

35. The tech giant TSC uses cloud for its operations. As a cloud user, it should implement an effective risk management lifecycle to measure and monitor high and critical risks regularly. Additionally, TSC should define what exactly should be measured and the acceptable variance to ensure timely mitigated risks.

In this case, which of the following can be used as a tool for cloud risk management?

36. A mid-sized company uses Azure as its primary cloud provider for its infrastructure. Its cloud security analysts are responsible for monitoring security events across multiple Azure resources (subscriptions, VMs, Storage, and SQL databases) and getting threat intelligence and intelligent security analytics throughout their organization.

Which Azure service would the security analysts use to achieve their goal of having a centralized view of all the security events and alerts?

37. YourTrustedCloud is a cloud service provider that provides cloud-based services to several multinational companies. The organization adheres to various frameworks and standards. YourTrustedCloud stores and processes credit card and payment-related data in the cloud environment and ensures the security of transactions and the credit card processing system.

Based on the given information, which of the following standards does YourTrustedCloud adhere to?

38. Simon recently joined a multinational company as a cloud security engineer. Due to robust security services and products provided by AWS, his organization has been using AWS cloud-based services. Simon has launched an Amazon EC2 Linux instance to deploy an application. He would like to secure Linux AMI.

Which of the following command should Simon run in the EC2 instance to disable user account passwords?

39. Dave Allen works as a cloud security engineer in an IT company located in Baltimore, Maryland. His organization uses cloud-based services; it also uses the Network Watcher regional service to monitor and diagnose problems at the network level. It contains network diagnostic and visualization tools that help in understanding, diagnosing, and obtaining visibility into the network in a cloud environment. This service helped Dave in detecting network vulnerabilities, monitoring network performance, and ensuring secure cloud operations.

Which of the following cloud service providers offers the Network Watcher service?

40. Cosmic IT Services wants to migrate to cloud computing. Before migrating to the cloud, the organization must set business goals for cloud computing as per the guidelines of a standard IT governance body.

Which standard IT governance body can help the organization to set business goals and objectives for cloud computing by offering the IT governance named COBIT (Control Objective for Information and Related Technology)?

41. In a tech organization's cloud environment, an adversary can rent thousands of VM instances for launching a DDoS attack. The criminal can also keep secret documents such as terrorist and illegal money transfer docs in the cloud storage. In such a situation, when a forensic investigation is initiated, it involves several stakeholders (government members, industry partners, third-parties, and law enforcement).

In this scenario, who acts as the first responder for the security issue on the cloud?

42. Karen Gillan has recently joined an IT company as a cloud security engineer. Her organization would like to adopt cloud-based services to provide 24 x 7 customer support to its clients. It wants to transfer its customer database and transaction details along with the applications used for managing and supporting its customers.

Before migrating to cloud, which of the following analyses should be performed by Karen on the security capabilities and services provided by cloud service providers to understand the security requirements of the organization and those provided by the cloud service provider?

43. A security incident has occurred within an organization's AWS environment. A cloud forensic investigation procedure is initiated for the acquisition of forensic evidence from the compromised EC2 instances. However, it is essential to abide by the data privacy laws while provisioning any forensic instance and sending it for analysis.

What can the organization do initially to avoid the legal implications of moving data between two AWS regions for analysis?

44. Billy Pratt works as a cloud security engineer in an MNC. In 2012, his organization transferred all applications and data into an AWS cloud environment. Billy would like to analyze, investigate, and identify the root cause of malicious activities in his organization's AWS cloud environment.

Which of the following Amazon services automatically collects data from various AWS resources and utilizes machine learning, statistical analysis, and graph theory to provide a unified and interactive view of resources and users that would help Billy in determining the root cause of suspicious activities?

45. Terry Diab has an experience of 6 years as a cloud security engineer. She recently joined a multinational company as a senior cloud security engineer. Terry learned that there is a high probability that her organizational applications could be hacked and user data such as passwords, usernames, and account information can be exploited by an attacker. The organizational applications have not yet been hacked, but this issue requires urgent action. Therefore, Terry, along with her team, released a software update that is designed to resolve this problem instantly with a quick-release procedure. Terry successfully fixed the problem (bug) in the software product immediately without following the normal quality assurance procedures. Terry's team resolved the problem immediately on the live system with zero downtime for users. Based on the given information, which of the following type of update was implemented by Terry?