Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. EC-Council
  3. 312-40

EC-Council 312-40 Exam (page: 4)
EC-Council Certified Cloud Security Engineer (CCSE)
Updated on: 12-Feb-2026

Viewing Page 4 of 26
312-40 PDF 147 Questions

Global InfoSec Solution Pvt. Ltd. is an IT company that develops mobile-based software and applications. For smooth, secure, and cost-effective facilitation of business, the organization uses public cloud services. Now, Global InfoSec Solution Pvt. Ltd. is encountering a vendor lock-in issue.
What is vendor lock-in in cloud computing?

  1. It is a situation in which a cloud consumer cannot switch to another cloud service broker without substantial switching costs
  2. It is a situation in which a cloud consumer cannot switch to a cloud carrier without substantial switching costs
  3. It is a situation in which a cloud service provider cannot switch to another cloud service broker without substantial switching costs
  4. It is a situation in which a cloud consumer cannot switch to another cloud service provider without substantial switching costs

Answer(s): D

Explanation:

Vendor lock-in in cloud computing refers to a scenario where a customer becomes dependent on a single cloud service provider and faces significant challenges and costs if they decide to switch to a different provider.

1. Dependency: The customer relies heavily on the services, technologies, or platforms provided by one cloud service provider.

2. Switching Costs: If the customer wants to switch providers, they may encounter substantial costs related to data migration, retraining staff, and reconfiguring applications to work with the new provider's platform.

3. Business Disruption: The process of switching can lead to business disruptions, as it may involve downtime or a learning curve for new services.

4. Strategic Considerations: Vendor lock-in can also limit the customer's ability to negotiate better terms or take advantage of innovations and price reductions from competing providers.


Reference:

Vendor lock-in is a well-known issue in cloud computing, where customers may find it difficult to move databases or services due to high costs or technical incompatibilities. This can result from using proprietary technologies or services that are unique to a particular cloud provider12. It is important for organizations to consider the potential for vendor lock-in when choosing cloud service providers and to plan accordingly to mitigate these risks1.



A web server passes the reservation information to an application server and then the application server queries an Airline service.
Which of the following AWS service allows secure hosted queue server-side encryption (SSE), or uses custom SSE keys managed in AWS

Key Management Service (AWS KMS)?

  1. Amazon Simple Workflow
  2. Amazon SQS
  3. Amazon SNS
  4. Amazon CloudSearch

Answer(s): B

Explanation:

Amazon Simple Queue Service (Amazon SQS) supports server-side encryption (SSE) to protect the contents of messages in queues using SQS-managed encryption keys or keys managed in the AWS Key Management Service (AWS KMS).

1. Enable SSE on Amazon SQS: When you create a new queue or update an existing queue, you can enable SSE by selecting the option for server-side encryption.

2. Choose Encryption Keys: You can choose to use the default SQS-managed keys (SSE-SQS) or select a custom customer-managed key in AWS KMS (SSE-KMS).

3. Secure Data Transmission: With SSE enabled, messages are encrypted as soon as Amazon SQS receives them and are stored in encrypted form.

4. Decryption for Authorized Consumers: Amazon SQS decrypts messages only when they are sent to an authorized consumer, ensuring the security of the message contents during transit.


Reference:

Amazon SQS provides server-side encryption to protect sensitive data in queues, using either SQS- managed encryption keys or customer-managed keys in AWS KMS1. This feature helps in meeting strict encryption compliance and regulatory requirements, making it suitable for scenarios where secure message transmission is critical12.



A security incident has occurred within an organization's AWS environment. A cloud forensic investigation procedure is initiated for the acquisition of forensic evidence from the compromised EC2 instances. However, it is essential to abide by the data privacy laws while provisioning any forensic instance and sending it for analysis.
What can the organization do initially to avoid the legal implications of moving data between two AWS regions for analysis?

  1. Create evidence volume from the snapshot
  2. Provision and launch a forensic workstation
  3. Mount the evidence volume on the forensic workstation
  4. Attach the evidence volume to the forensic workstation

Answer(s): A

Explanation:

When dealing with a security incident in an AWS environment, it's crucial to handle forensic evidence in a way that complies with data privacy laws. The initial step to avoid legal implications when moving data between AWS regions for analysis is to create an evidence volume from the snapshot of the compromised EC2 instances.

1. Snapshot Creation: Take a snapshot of the compromised EC2 instance's EBS volume. This snapshot captures the state of the volume at a point in time and serves as forensic evidence.

2. Evidence Volume Creation: Create a new EBS volume from the snapshot within the same AWS region to avoid cross-regional data transfer issues.

3. Forensic Workstation Provisioning: Provision a forensic workstation within the same region where the evidence volume is located.

4. Evidence Volume Attachment: Attach the newly created evidence volume to the forensic workstation for analysis.


Reference:

Creating an evidence volume from a snapshot is a recommended practice in AWS forensics. It ensures that the integrity of the data is maintained and that the evidence is handled in compliance with legal requirements12. This approach allows for the preservation, acquisition, and analysis of data without violating data privacy laws that may apply when transferring data across regions12.



The cloud administrator John was assigned a task to create a different subscription for each division of his organization. He has to ensure all the subscriptions are linked to a single

Azure AD tenant and each subscription has identical role assignments.
Which Azure service will he make use of?

  1. Azure AD Privileged Identity Management
  2. Azure AD Multi-Factor Authentication
  3. Azure AD Identity Protection
  4. Azure AD Self-Service Password Reset

Answer(s): A

Explanation:

To manage multiple subscriptions under a single Azure AD tenant with identical role assignments, Azure AD Privileged Identity Management (PIM) is the service that provides the necessary capabilities.

1. Link Subscriptions to Azure AD Tenant: John can link all the different subscriptions to the single Azure AD tenant to centralize identity management across the organization1.

2. Manage Role Assignments: With Azure AD PIM, John can manage, control, and monitor access within Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft 3652.

3. Identical Role Assignments: Azure AD PIM allows John to configure role assignments that are consistent across all subscriptions. He can assign roles to users, groups, service principals, or managed identities at a particular scope3.

4. Role Activation and Review: John can require approval to activate privileged roles, enforce just-in-time privileged access, require reason for activating any role, and review access rights2.


Reference:

Azure AD PIM is a feature of Azure AD that helps organizations manage, control, and monitor access within their Azure environment. It is particularly useful for scenarios where there are multiple subscriptions and a need to maintain consistent role assignments across them23.



An organization is developing a new AWS multitier web application with complex queries and table joins.

However, because the organization is small with limited staff, it requires high availability.
Which of the following Amazon services is suitable for the requirements of the organization?

  1. Amazon HSM
  2. Amazon Snowball
  3. Amazon Glacier
  4. Amazon DynamoDB

Answer(s): D

Explanation:

For a multitier web application that requires complex queries and table joins, along with the need for high availability, Amazon DynamoDB is the suitable service. Here's why:

1. Support for Complex Queries: DynamoDB supports complex queries and table joins through its flexible data model and secondary indexes.

2. High Availability: DynamoDB is designed for high availability and durability, with data replicated across multiple AWS Availability Zones1.

3. Managed Service: As a fully managed service, DynamoDB requires minimal operational overhead, which is ideal for organizations with limited staff.

4. Scalability: It can handle large amounts of traffic and data, scaling up or down as needed to meet the demands of the application.


Reference:

Amazon DynamoDB is a NoSQL database service that provides fast and predictable performance with seamless scalability. It is suitable for applications that require consistent, single-digit millisecond latency at any scale1. It's a fully managed, multi-region, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications1.



Viewing Page 4 of 26



Share your comments for EC-Council 312-40 exam with other users:

rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous


Mamo 8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?
UNITED STATES


Marial Manyang 7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks
Anonymous


Amel Mhamdi 12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam
FRANCE


Angel 8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable
UNITED STATES


SH 5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now
UNITED STATES


sudhagar 9/6/2023 3:02:00 PM

question looks valid
UNITED STATES


Van 11/24/2023 4:02:00 AM

good for practice
Anonymous


Divya 8/2/2023 6:54:00 AM

need more q&a to go ahead
Anonymous


Rakesh 10/6/2023 3:06:00 AM

question 59 - a newly-created role is not assigned to any user, nor granted to any other role. answer is b https://docs.snowflake.com/en/user-guide/security-access-control-overview
Anonymous


Nik 11/10/2023 4:57:00 AM

just passed my exam today. i saw all of these questions in my text today. so i can confirm this is a valid dump.
HONG KONG


Deep 6/12/2023 7:22:00 AM

needed dumps
INDIA


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


NRI 8/27/2023 10:05:00 AM

will post once the exam is finished
UNITED STATES


kent 11/3/2023 10:45:00 AM

relevant questions
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


Cath 10/10/2023 10:09:00 AM

q.112 - correct answer is c - the event registry is a module that provides event definitions. answer a - not correct as it is the definition of event log
VIET NAM


Shiji 10/15/2023 1:31:00 PM

good and useful.
INDIA


Ade 6/25/2023 1:14:00 PM

good questions
Anonymous


Praveen P 11/8/2023 5:18:00 AM

good content
UNITED STATES


Anastasiia 12/28/2023 9:06:00 AM

totally not correct answers. 21. you have one gcp account running in your default region and zone and another account running in a non-default region and zone. you want to start a new compute engine instance in these two google cloud platform accounts using the command line interface. what should you do? correct: create two configurations using gcloud config configurations create [name]. run gcloud config configurations activate [name] to switch between accounts when running the commands to start the compute engine instances.
Anonymous


Priyanka 7/24/2023 2:26:00 AM

kindly upload the dumps
Anonymous


Nabeel 7/25/2023 4:11:00 PM

still learning
Anonymous


gure 7/26/2023 5:10:00 PM

excellent way to learn
UNITED STATES


ciken 8/24/2023 2:55:00 PM

help so much
Anonymous


Biswa 11/20/2023 9:28:00 AM

understand sql col.
Anonymous


Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous


Rose 7/24/2023 2:16:00 PM

this is nice.
Anonymous


anon 10/15/2023 12:21:00 PM

q55- the ridac workflow can be modified using flow designer, correct answer is d not a
UNITED STATES