312-40 Exam Details

  • Exam Code
    :312-40
  • Exam Name
    :EC-Council Certified Cloud Security Engineer (CCSE)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :147 Q&As
  • Last Updated
    :Jul 14, 2026

EC-COUNCIL 312-40 Online Questions & Answers

  • Question 11:

    VoxCloPro is a cloud service provider based in South America that offers all types of cloud-based services to cloud consumers. The cloud-based services provided by VoxCloPro are secure and cost-effective. Terra Soft.

    Pvt. Ltd. is an IT company that adopted the cloud-based services of VoxCloPro and transferred the data and applications owned by the organization from on-premises to the VoxCloPro cloud environment. According to the data protection laws of Central and South American countries, who among the following is responsible for ensuring the security and privacy of personal data?

    A. Cloud Carrier
    B. Cloud Broker
    C. Terra Soft. Pvt. Ltd
    D. VoxCloPro

  • Question 12:

    TeratInfo Pvt. Ltd. is an IT company that develops software products and applications for financial organizations. Owing to the cost-effective storage features and robust services provided by cloud computing, TeratInfo Pvt. Ltd. adopted cloud-based services. Recently, its security team observed a dip in the organizational system performance. Susan, a cloud security engineer, reviewed the list of publicly accessible resources, security groups, routing tables, ACLs, subnets, and IAM policies. What is this process called?

    A. Checking audit and evidence-gathering features in the cloud service
    B. Checking for the right implementation of security management
    C. Testing for virtualization management security
    D. Performing cloud reconnaissance

  • Question 13:

    Assume you work for an IT company that collects user behavior data from an e-commerce web application. This data includes the user interactions with the applications, such as purchases, searches, saved items, etc. Capture this data, transform it into zip files, and load these massive volumes of zip files received from an application into Amazon S3. Which AWS service would you use to do this?

    A. AWS Migration Hub
    B. AWS Database Migration Service
    C. AWS Kinesis Data Firehose
    D. AWS Snowmobile

  • Question 14:

    Kenneth Danziger has been working as a cloud security engineer in a multinational company. His organization uses AWS cloud-based services. Kenneth would like to review the changes in configuration and the relationships between AWS resources, examine the detailed resource configuration history, and determine the overall compliance of his organization against the configurations specified in internal guidelines. Which of the following AWS services enables Kenneth to assess, audit, and evaluate the configuration of AWS resources?

    A. AWS CloudTrail
    B. AWS CloudFormation
    C. AWS Config
    D. AWS Security Hub

  • Question 15:

    Global SoftTechSol is a multinational company that provides customized software solutions and services to various clients located in different countries. It uses a public cloud to host its applications and services. Global SoftTechSol uses Cloud Debugger to inspect the current state of a running application in real-time, find bugs, and understand the behavior of the code in production. Identify the service provider that provides the Cloud Debugger feature to Global SoftTechSol?

    A. Google
    B. AWS
    C. IBM
    D. Azure

  • Question 16:

    IntSecureSoft Solutions Pvt. Ltd. is an IT company that develops software and applications for various educational institutions. The organization has been using Google cloud services for the past 10 years. Tara Reid works as a cloud security engineer in IntSecureSoft Solutions Pvt. Ltd. She would like to identify various misconfigurations and vulnerabilities such as open storage buckets, instances that have not implemented SSL, and resources without an enabled Web UI. Which of the following is a native scanner in the Security Command Center that assesses the overall security state and activity of virtual machines, containers, network, and storage along with the identity and access management policies?

    A. Log Analytics Workspace
    B. Google Front End
    C. Security Health Analytics
    D. Synapse Analytics

  • Question 17:

    Frances Fisher has been working as a cloud security engineer in a multinational company. Her organization uses Microsoft Azure cloud-based services. Frances created a resource group (devResourceGroup); then, she created a virtual machine (devVM) in that resource group. Next. Frances created a Bastion host for the virtual machine (devVM) and she connected the virtual machine using Bastion from the Azure portal. Which of the following protocols Is used by Azure Bastion to provide secure connectivity to Frances' virtual machine (devVM) from the Azure portal?

    A. TLS
    B. HTTP
    C. Telnet
    D. TCP

  • Question 18:

    Aidan McGraw is a cloud security engineer in a multinational company. In 2018, his organization deployed its workloads and data in a cloud environment. Aidan was given the responsibility of securing high-valued information that needs to be shared outside the organization from unauthorized intruders and hackers. He would like to protect sensitive information about his organization, which will be shared outside the organization, from attackers by encrypting the data and including user permissions inside the file containing this information. Which technology satisfies Aidan's requirements?

    A. Information Rights Management
    B. Identity and Access Management
    C. System for Cross-Domain Identity Management
    D. Privileged User Management

  • Question 19:

    An organization wants to implement a zero-trust access model for its SaaS application on the GCP as well as its on-premises applications. Which of the following GCP services can be used to eliminate the need for setting up a company-wide VPN and implement the RBAC feature to verify employee identities to access organizational applications?

    A. Cloud Endpoints
    B. Identity-Aware Proxy (IAP)
    C. Cloud Security Scanner
    D. Web Application and API Protection

  • Question 20:

    FinTech Inc. is an IT company that utilizes a cloud platform to run its IT infrastructure. Employees belonging to various departments do not implement the rules and regulations framed by the IT department, which leads to fragmented control and breaches that affect the efficiency of cloud services. How can the organization effectively overcome shadow IT and unwarranted usage of cloud resources in this scenario?

    A. By implementing cloud risk management
    B. By implementing cloud governance
    C. By implementing regulatory compliance
    D. By implementing corporate compliance

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-40 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.