Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. EC-Council
  3. 312-40

EC-Council 312-40 Exam (page: 1)
EC-Council Certified Cloud Security Engineer (CCSE)
Updated on: 12-Aug-2025

Viewing Page 1 of 26
312-40 PDF 147 Questions

Ray Nicholson works as a senior cloud security engineer in TerraCloud Sec Pvt. Ltd. His organization deployed all applications in a cloud environment in various virtual machines. Using IDS, Ray identified that an attacker compromised a particular VM. He would like to limit the scope of the incident and protect other resources in the cloud. If Ray turns off the VM, what will happen?

  1. The data required to be investigated will be lost
  2. The data required to be investigated will be recovered
  3. The data required to be investigated will be stored in the VHD
  4. The data required to be investigated will be saved

Answer(s): A

Explanation:

When Ray Nicholson, the senior cloud security engineer, identifies that an attacker has compromised a particular virtual machine (VM) using an Intrusion Detection System (IDS), his priority is to limit the scope of the incident and protect other resources in the cloud environment. Turning off the compromised VM may seem like an immediate protective action, but it has significant implications:

Shutdown Impact: When a VM is turned off, its current state and all volatile data in 1.
the RAM are lost. This includes any data that might be crucial for forensic analysis, such as the attacker's tools and running processes.

Forensic Data Loss: Critical evidence needed for a thorough investigation, such as 2.
memory dumps, active network connections, and ephemeral data, will no longer be accessible.

Data Persistence: While some data is stored in the Virtual Hard Disk (VHD), not all 3.

of the forensic data can be retrieved from the disk image alone. Live analysis often provides insights that cannot be captured from static data.

Thus, by turning off the VM, Ray risks losing essential forensic data that is necessary for a complete investigation into the incident.


Reference:

1. NIST SP 800-86: Guide to Integrating Forensic Techniques into Incident Response

2. AWS Cloud Security Best Practices

3. Azure Security Documentation



An IT company uses two resource groups, named Production-group and Security-group, under the same subscription ID. Under the Production-group, a VM called Ubuntu18 is suspected to be compromised. As a forensic investigator, you need to take a snapshot (ubuntudisksnap) of the OS disk of the suspect virtual machine Ubuntu18 for further investigation and copy the snapshot to a storage account under Security-group.

Identify the next step in the investigation of the security incident in Azure?

  1. Copy the snapshot to file share
  2. Generate shared access signature
  3. Create a backup copy of snapshot in a blob container
  4. Mount the snapshot onto the forensic workstation

Answer(s): B

Explanation:

When an IT company suspects that a VM called Ubuntu18 in the Production-group has been compromised, it is essential to perform a forensic investigation. The process of taking a snapshot and ensuring its integrity and accessibility involves several steps:

Snapshot Creation: First, create a snapshot of the OS disk of the suspect VM,
1. named ubuntudisksnap. This snapshot is a point-in-time copy of the VM's disk, ensuring that all data at that moment is captured.

Snapshot Security: Next, to transfer this snapshot securely to a storage account
2. under the Security-group, a shared access signature (SAS) needs to be generated. A SAS provides delegated access to Azure storage resources without exposing the storage account keys.

Data Transfer: With the SAS token, the snapshot can be securely copied to a storage
3. account in the Security-group. This method ensures that only authorized personnel can access the snapshot for further investigation.

Further Analysis: After copying the snapshot, it can be mounted onto a forensic
4. workstation for detailed examination. This step involves examining the contents of the snapshot for any malicious activity or artifacts left by the attacker.

Generating a shared access signature is a critical step in ensuring that the snapshot can be securely accessed and transferred without compromising the integrity and security of the data.


Reference:

1. Microsoft Azure Documentation on Shared Access Signatures (SAS)

2. Azure Security Best Practices and Patterns

3. Cloud Security Alliance (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing



The GCP environment of a company named Magnitude IT Solutions encountered a security incident. To respond to the incident, the Google Data Incident Response Team was divided based on the different aspects of the incident.
Which member of the team has an authoritative knowledge of incidents and can be involved in different domains such as security, legal, product, and digital forensics?

  1. Operations Lead
  2. Subject Matter Experts
  3. Incident Commander
  4. Communications Lead

Answer(s): C

Explanation:

In the context of a security incident within the GCP environment of Magnitude IT Solutions, the Google Data Incident Response Team would be organized to address various aspects of the incident effectively. Among the team, the role with the authoritative knowledge of incidents and involvement in different domains such as security, legal, product, and digital forensics is the Incident Commander. Here's why:

Authority and Responsibility: The Incident Commander (IC) is typically responsible 1.
for the overall management of the incident response. This includes making critical decisions, coordinating the efforts of the entire response team, and ensuring that all aspects of the incident are addressed.

Cross-Functional Involvement: The IC has the expertise and authority to interact 2.
with various domains such as security (to understand and mitigate threats), legal (to ensure compliance and manage legal risks), product (to understand the impact on services), and digital forensics (to guide the investigation and evidence collection).

Leadership and Coordination: The IC leads the response effort, ensuring that all 3.
team members, including Subject Matter Experts (SMEs), Operations Leads, and Communications Leads, are working in sync and that the incident response plan is effectively executed.

Communication: The IC is the primary point of contact for internal and external 4.
stakeholders, ensuring clear and consistent communication about the status and actions being taken in response to the incident.

In summary, the Incident Commander is the central figure with the authoritative knowledge and cross-functional involvement necessary to manage a security incident comprehensively.


Reference:

1. NIST SP 800-61 Revision 2: Computer Security Incident Handling Guide

2. Google Cloud Platform Incident Response and Management Guidelines

3. Cloud Security Alliance (CSA) Incident Response Framework



Jayson Smith works as a cloud security engineer in CloudWorld SecCo Pvt. Ltd. This is a third-party vendor that provides connectivity and transport services between cloud service providers and cloud consumers. Select the actor that describes CloudWorld SecCo Pvt. Ltd. based on the NIST cloud deployment reference architecture?

  1. Cloud Broker
  2. Cloud Auditor
  3. Cloud Carrier
  4. Cloud Provider

Answer(s): C



Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage. How does the organization accomplish this?

  1. Using BigQuery column-level security
  2. Using Signed Documents
  3. Using Signed URLs
  4. Using BigQuery row-level-security

Answer(s): C



Viewing Page 1 of 26



Share your comments for EC-Council 312-40 exam with other users:

Deepika Narayanan 7/13/2023 11:05:00 PM

yes need this exam dumps
Anonymous


Blessious Phiri 8/15/2023 3:31:00 PM

these questions are a great eye opener
Anonymous


Jagdesh 9/8/2023 8:17:00 AM

thank you for providing these questions and answers. they helped me pass my exam. you guys are great.
CANADA


TS 7/18/2023 3:32:00 PM

good knowledge
Anonymous


Asad Khan 11/1/2023 2:44:00 AM

answer 10 should be a because only a new project will be created & the organization is the same.
Anonymous


Raj 9/12/2023 3:49:00 PM

can you please upload the dump again
UNITED STATES


Christian Klein 6/23/2023 1:32:00 PM

is it legit questions from sap certifications ?
UNITED STATES


anonymous 1/12/2024 3:34:00 PM

question 16 should be b (changing the connector settings on the monitor) pc and monitor were powered on. the lights on the pc are on indicating power. the monitor is showing an error text indicating that it is receiving power too. this is a clear sign of having the wrong input selected on the monitor. thus, the "connector setting" needs to be switched from hdmi to display port on the monitor so it receives the signal from the pc, or the other way around (display port to hdmi).
UNITED STATES


NSPK 1/18/2024 10:26:00 AM

q 10. ans is d (in the target org: open deployment settings, click edit next to the source org. select allow inbound changes and save
Anonymous


mohamed abdo 9/1/2023 4:59:00 AM

very useful
Anonymous


Tom 3/18/2022 8:00:00 PM

i purchased this exam dumps from another website with way more questions but they were all invalid and outdate. this exam dumps was right to the point and all from recent exam. it was a hard pass.
UNITED KINGDOM


Edrick GOP 10/24/2023 6:00:00 AM

it was a good experience and i got 90% in the 200-901 exam.
Anonymous


anonymous 8/10/2023 2:28:00 AM

hi please upload this
Anonymous


Bakir 7/6/2023 7:24:00 AM

please upload it
UNITED KINGDOM


Aman 6/18/2023 1:27:00 PM

really need this dump. can you please help.
UNITED KINGDOM


Neela Para 1/8/2024 6:39:00 PM

really good and covers many areas explaining the answer.
NEW ZEALAND


Karan Patel 8/15/2023 12:51:00 AM

yes, can you please upload the exam?
UNITED STATES


NISHAD 11/7/2023 11:28:00 AM

how many questions are there in these dumps?
UNITED STATES


Pankaj 7/3/2023 3:57:00 AM

hi team, please upload this , i need it.
UNITED STATES


DN 9/4/2023 11:19:00 PM

question 14 - run terraform import: this is the recommended best practice for bringing manually created or destroyed resources under terraform management. you use terraform import to associate an existing resource with a terraform resource configuration. this ensures that terraform is aware of the resource, and you can subsequently manage it with terraform.
Anonymous


Zhiguang 8/19/2023 11:37:00 PM

please upload dump. thanks in advance.
Anonymous


deedee 12/23/2023 5:51:00 PM

great great
UNITED STATES


Asad Khan 11/1/2023 3:10:00 AM

answer 16 should be b your organizational policies require you to use virtual machines directly
Anonymous


Sale Danasabe 10/24/2023 5:21:00 PM

the question are kind of tricky of you didnt get the hnag on it.
Anonymous


Luis 11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?
UNITED STATES


hik 1/19/2024 1:47:00 PM

good content
UNITED STATES


Blessious Phiri 8/15/2023 2:18:00 PM

pdb and cdb are critical to the database
Anonymous


Zuned 10/22/2023 4:39:00 AM

till 104 questions are free, lets see how it helps me in my exam today.
UNITED STATES


Muhammad Rawish Siddiqui 12/3/2023 12:11:00 PM

question # 56, answer is true not false.
SAUDI ARABIA


Amaresh Vashishtha 8/27/2023 1:33:00 AM

i would be requiring dumps to prepare for certification exam
Anonymous


Asad 9/8/2023 1:01:00 AM

very helpful
PAKISTAN


Blessious Phiri 8/13/2023 3:10:00 PM

control file is the heart of rman backup
Anonymous


Senthil 9/19/2023 5:47:00 AM

hi could you please upload the ibm c2090-543 dumps
Anonymous


Harry 6/27/2023 7:20:00 AM

appriciate if you could upload this again
AUSTRALIA