EMT Practice Test
1. Question Content...
Question2: IT Risk management is best described in:
Question3: All of the following are type of access controls except:
Question4: Which one of the following is NOT a level of CSA star program?
Question6: Who is responsible for Application Security in Software as a Service(SaaS) service model?
Question8: Which of the following items is NOT an example of Security as a Service (SecaaS)?
Question12: Which of the following is NOT true about CSA Cloud control metrix (CCM)?
Question13: Which of the following Storage type is NOT associated with SaaS solution?
Question17: One of key focus of ISO 27001 standard is:
Question20: Which of the following functions maps to all the phases of Data security life cycle?
Question21: Which of the following processes plays a major role in managing system vulnerabilities?
Question25: One of the part of STRIDE model is:
Question27: Which of the following can result in vendor lock-in?
Question32: Which of the following is NOT atypical approach of Key Storage in cloud?
Question37: Which one of the following is the key techniques to create cloud infrastructure?
Question40: Which attack surfaces, if any, does virtualization technology introduce?
Question42: A SIEM device should be tuned in regularly to:
Question43: As with security. compliance in the cloud is a shared responsibility model.
Question46: Which of the following is correct about Due Care & Due Diligence?
Question49: In the IaaS hosted environment. who is ultimately responsible for platform security?
Question51: One of the main reasons and advantage of having external audit is:
Question52: GRC is responsibility of ______ in the all cloud services models
Question55: Network logs from cloud providers are typically flow records, not full packet captures.
Question57: Which one of the following is the key tool of Cloud Governance?
Question59: What is it called when you lose control of the amount of content on your image store?
Question60: Why is a service type of network typically isolated on different hardware?
Question61: Which of the following is not an abuse or misuse of cloud services?
Question63: Which of the following is NOT part of Risk management process?
Question67: Which of the following Standards is normally followed to manage Enterprise Risk?
Question69: Which of the following authentication is most secured?
Question72: Which of the authentication is more secured?
Question73: Use elastic servers when possible and move workloads to new instances.
Question80: Which of the standards is related to risk management?
Question83: Which is the primary tool for governance in Cloud Computing environment?
Question86: Which of the following is NOT a characteristic of cloud computing?
Question89: Stopping a function to control further risk to business is called:
Question91: In which cloud service model is the customer only responsible for the data?
Question92: "Cloud provider acquisition" as a risk fall under which of the following categories?
Question96: Which one of the following is NOT one of phases for cloud auditing?
Question101: The key focus of any business continuity or disaster recovery should be:
Question102: Which is the most common control used for Risk Transfer?