EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following uses security and encryption as means to prevent unauthorized copying and limitations on distribution to only those who pay?

Question2: IT Risk management is best described in:

Question3: All of the following are type of access controls except:

Question4: Which one of the following is NOT a level of CSA star program?

Question5: Which is the set of technologies that are designed to detect conditions indicative of a security vulnerability in an application in its running state?

Question6: Who is responsible for Application Security in Software as a Service(SaaS) service model?

Question7: Which of the following is the key difference between cloud computing and traditional virtualization?

Question8: Which of the following items is NOT an example of Security as a Service (SecaaS)?

Question9: A unit of processing, which can be in a virtual machine, a container, or other abstraction and always run somewhere on a processor and consume memory is called:

Question10: ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:

Question11: Which of the following establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information(PII) in accordance with the privacy principles in IS0/IEC 29100 for the public cloud computing environment?

Question12: Which of the following is NOT true about CSA Cloud control metrix (CCM)?

Question13: Which of the following Storage type is NOT associated with SaaS solution?

Question14: The ability of a cloud services datacentre and its associated components. including servers. storage. and so on. to continue operating in the event of a disruption. which may be equipment failure. power outage. or a natural disaster. known as:

Question15: Which of the cloud service model has least maintenance or administration from a cloud customer perspective?

Question16: Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

Question17: One of key focus of ISO 27001 standard is:

Question18: What is the process to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production?

Question19: Lack of CPU or network bandwidth and intermittent access to provisioned resources are examples of which of the following cloud risk?

Question20: Which of the following functions maps to all the phases of Data security life cycle?

Question21: Which of the following processes plays a major role in managing system vulnerabilities?

Question22: NIST defines five characteristics of cloud computing- Rapid Elasticity, Broad Network Access, 0n demand self-service, Metered Usage & Resource pooling. However, IS0/lEC17788 mentions one more characteristic in addition is those 5. Which of the following is that characterstic?

Question23: ISO 27001 certification can be taken as proof to achieve Third-party assessment level in CSA star program.

Question24: Cloud Security provider is responsible for Platform Security in Platform as a Service(PaaS) model.

Question25: One of the part of STRIDE model is:

Question26: In cloud services. risks and responsibilities are shared between the cloud provider and customer.
however. which of the following holds true?

Question27: Which of the following can result in vendor lock-in?

Question28: What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?

Question29: The intermediary that provides connectivity and transport of cloud services between the CSPs and the cloud service consumers is called:

Question30: Enterprise Risk Management is part of over all information Risk Management of the organization

Question31: Which of the following is also knows as white-box test and can be used to find XSS errors, SQL injection.
buffer overflows. unhandled error conditions. and potential backdoors?

Question32: Which of the following is NOT atypical approach of Key Storage in cloud?

Question33: The risk left in any system after all countermeasures and strategies have been applied is called:

Question34: The basis for deciding which laws are most appropriate in a situation where conflicting laws exist. refers to:

Question35: John said that he is looking for cloud service which is self-serviced and has a on-demand capacity. Which service model is he referring to?

Question36: The characteristics and traits of an individual that when aggregated could reveal the identity of that person. are known as:

Question37: Which one of the following is the key techniques to create cloud infrastructure?

Question38: CCM: A hypothetical company called: "Health4Sure" is located in the United States and provides cloud based services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approach would be most suitable to assess the overall security posture of Health4Sure's cloud service?

Question39: Which of the following Standards define "Application Security Management Process" (ASMP)?

Question40: Which attack surfaces, if any, does virtualization technology introduce?

Question41: Which of the following is NOT a component of Software Defined Perimeter as defined by Cloud Security Alliance Working group on SDP?

Question42: A SIEM device should be tuned in regularly to:

Question43: As with security. compliance in the cloud is a shared responsibility model.

Question44: Which of the following leverages virtual network topologies to run more. smaller. and more isolated networks without incurring additional hardware costs that historically make such models prohibitive?

Question45: Under the new EU data protection rules. data destruction and corruption of personal data.

Question46: Which of the following is correct about Due Care & Due Diligence?

Question47: Which of the following best describes the relationship between a cloud provider and the customer?

Question48: What is the key difference between Business Continuity and Business Continuity Management?

Question49: In the IaaS hosted environment. who is ultimately responsible for platform security?

Question50: REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.

Question51: One of the main reasons and advantage of having external audit is:

Question52: GRC is responsibility of ______ in the all cloud services models

Question53: Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

Question54: Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub.

Question55: Network logs from cloud providers are typically flow records, not full packet captures.

Question56: In which service model, cloud consumer is responsible to manage authorizations and entitlements only?

Question57: Which one of the following is the key tool of Cloud Governance?

Question58: Cloud customer can do vulnerability assessment of their whole infrastructure on cloud just like they conduct vulnerbility assessment of their traditional infrastructure.

Question59: What is it called when you lose control of the amount of content on your image store?

Question60: Why is a service type of network typically isolated on different hardware?

Question61: Which of the following is not an abuse or misuse of cloud services?

Question62: Which of the following is an assurance program and documentation registry for cloud provider assessments?

Question63: Which of the following is NOT part of Risk management process?

Question64: According to Cloud Security Alliance logical model of cloud computing, which of the following defines the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers.

Question65: When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

Question66: Identifying the specific threats against servers and determine the effectiveness of existing security controls in counteracting the threats. is known as:

Question67: Which of the following Standards is normally followed to manage Enterprise Risk?

Question68: What is the newer application development methodology and philosophy focused on automation of application development and deployment?

Question69: Which of the following authentication is most secured?

Question70: One of the primary benefits of the cloud is the ability to perform dynamic allocation of physical resources when required. The most common approach is a multi-tenant environment. However, it increases risk of disclosure of customer dat a. This can happen because of which of the following?

Question71: Which of the following reports is of most interest to the customer but may not be provided by Cloud Service Provider?

Question72: Which of the authentication is more secured?

Question73: Use elastic servers when possible and move workloads to new instances.

Question74: An important consideration when performing a remote vulnerability test of a cloud-based application is to

Question75: Your cloud and on-premises infrastructures should always use the same network address ranges.

Question76: Operating System management is done by customer in which service model of cloud computing?

Question77: ln which of the following cloud service models is the customer required to maintain the operating system?

Question78: What is the characteristic that allows the cloud provider to meet various demands from customers while remaining financially viable?

Question79: Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

Question80: Which of the standards is related to risk management?

Question81: Which of the following is a form of compliance inheritance and the cloud service provider takes responsibility for the costs and maintenance of certifications for its infrastructure or services?

Question82: Which of the following allows organizations to access, report, and obtain evidence of actions, controls, and processes that were performed or run by a specified user?

Question83: Which is the primary tool for governance in Cloud Computing environment?

Question84: One of the purpose of incident response is to minimize the adverse impact on business organizations.

Question85: What item below allows disparate directory services and independent security domains to be interconnected?

Question86: Which of the following is NOT a characteristic of cloud computing?

Question87: Which standard offers guidelines for information security controls applicable to the provision and use of cloud services?

Question88: Which provides guidelines for organizational information security standards including the selection, implementation, and management of controls taking into consideration the organization's information security risk environments?

Question89: Stopping a function to control further risk to business is called:

Question90: CCM: The following list of controls belong to which domain of the CCM?
GRM 06 - Policy GRM 07 - Policy Enforcement GRM 08 - Policy Impact on Risk Assessments GRM 09 - Policy Reviews GRM 10 - Risk Assessments GRM 11 - Risk Management Framework

Question91: In which cloud service model is the customer only responsible for the data?

Question92: "Cloud provider acquisition" as a risk fall under which of the following categories?

Question93: CCM: In the CCM tool, "Encryption and Key Management" is an example of which of the following?

Question94: What refers refer the model that allows customers to scale their computer and/ or storage needs with little or no intervention from or prior communication with the provider. The services happen in real time?

Question95: Which of the following decouples the network control plane from the data plane and allows to abstract networking from the tradition a limitations of a LAN?

Question96: Which one of the following is NOT one of phases for cloud auditing?

Question97: Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

Question98: Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

Question99: Which of the following processes leverages virtual network topologies to run more smaller and more isolated networks without incurring additional hardware costs?

Question100: Code execution environments that run within an operating system. sharing and leveraging resources of that operating system is called :

Question101: The key focus of any business continuity or disaster recovery should be:

Question102: Which is the most common control used for Risk Transfer?

Question103: As we move from Software as a Service Model towards Infrastructure as a service Model. security responsibility decreases from towards cloud consumer from that of Cloud Service Provider.

Question104: Who is responsible for the safe custody, transport, data storage. and implementation of business rules in relation to the privacy?

Question105: The entity that has the primary relationship with an individual from whom his/her PII is collected is known as: