312-40 Practice Questions

Kevin Ryan has been working as a cloud security engineer over the past 2 years in a multinational company, which uses AWS-based cloud services. He launched an EC2 instance with Amazon Linux AMI. By disabling password-based remote logins, Kevin wants to eliminate all possible loopholes through which an attacker can exploit a user account remotely. To disable password-based remote logins, using the text editor, Kevin opened the /etc/ssh/sshd_config file and found the #PermitRootLogin yes line. Which of the following command lines should Kevin use to change the #PermitRootLogin yes line to disable password-based remote logins?

TeratInfo Pvt. Ltd. is an IT company that develops software products and applications for financial

organizations. Owing to the cost-effective storage features and robust services provided by cloud computing, TeratInfo Pvt. Ltd. adopted cloud-based services. Recently, its security team observed a dip in the organizational system performance. Susan, a cloud security engineer, reviewed the list of publicly accessible resources, security groups, routing tables, ACLs, subnets, and IAM policies. What is this process called?

AWS runs 35+ instances that are all CentOS machines. Updating these machines manually is a time-intensive task that may lead to missed updates for some instances and create vulnerabilities. Which of the following can be used to prevent each port of each instance from being opened to access the machine and install updates?

The e-commerce platform www.evoucher.com observes overspending 15% to 30% due to unawareness of the mistakes in threat detection and security governance while using the services of its cloud provider AWS. It feels it requires a well-thought-out roadmap to improve its cloud journey. How can the company accelerate its cloud journey with desired outcomes and business value?

The organization TechWorld Ltd. used cloud for its business. It operates from an EU country (Poland and Greece). Currently, the organization gathers and processes the data of only EU users. Once, the organization experienced a severe security breach, resulting in loss of critical user data. In such a case, along with its cloud service provider, the organization should be held responsible for non-compliance or breaches. Under which cloud compliance framework will the company and cloud provider be penalized?

Kevin Williamson has been working as a cloud security engineer in a startup IT company. The business performed by his organization does not require live updating. A DRaaS company provided a disaster recovery site to Kevin's organization with little or no equipment, backup services with no network connectivity, it does not perform automatic failover. and involves data synchronization with a high risk of data loss. Based on the given information, which of the following disaster recovery sites is provided by the DRaaS company to Kevin's organization?

Veronica Lauren has an experience of 4 years as a cloud security engineer. Recently, she joined an IT company as a senior cloud security engineer. In 2010, her organization became a victim of a cybersecurity attack in which the attacker breached her organization's cloud security perimeter and stole sensitive information. Since then, her organization started using Google cloud-based services and migrated the organizational workload and data in the Google cloud environment. Veronica would like to detect security breaches in her organization's cloud security perimeter. Which of the following built-in service of Google Security Command Center can help Veronica in monitoring her organization's cloud logging stream and collect logs from one or multiple projects to detect security breaches such as the presence of malware, brute force SSH attempts, and cryptomining?

Samuel Jackson has been working as a cloud security engineer for the past 12 years in VolkSec Pvt. Ltd., whose applications are hosted in a private cloud. Owing to the increased number of users for its services, the organizations is finding it difficult to manage the on-premises data center. To overcome scalability and data storage issues, Samuel advised the management of his organization to migrate to a public cloud and shift the applications and data. Once the suggestion to migrate to public cloud was accepted by the management, Samuel was asked to select a cloud service provider. After extensive research on the available public cloud service providers, Samuel made his recommendation. Within a short period, Samuel along with his team successfully transferred all applications and data to the public cloud. Samuel's team would like to configure and maintain the platform, infrastructure, and applications in the new cloud computing environment. Which

component of a cloud platform and infrastructure provides tools and interfaces to Samuel's team for

configuring and maintaining the platform, infrastructure, and application?

Stephen Cyrus has been working as a cloud security engineer in an MNC over the past 7 years. The database administration team requested Stephen to configure a server instance that can enhance the performance of their new database server running on Compute Engine. The database is built on MySQL running on Debian Linux and it is used to import and normalize the company's performance statistics. They have an n2-standard-8 virtual machine with 80 GB of SSD zonal persistent disk, which cannot be restarted until the next maintenance event. Which of the following can help Stephen to enhance the performance of this VM quickly and in a cost-effective manner?

Global CloudEnv is a cloud service provider that provides various cloud-based services to cloud consumers. The cloud service provider adheres to the framework that can be used as a tool to systematically assess cloud implementation by providing guidance on the security controls that should be implemented by specific actors within the cloud supply chain. It is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. Based on the given information, which of the following cybersecurity control frameworks does Global CloudEnv adhere to?