EMT Practice Test

1. Question Content...


Question List

Question1: When designing a cloud-native application that requires scalable and durable data storage, which storage option should be primarily considered?

Question2: Who is responsible for the security of the physical infrastructure and virtualization platform?

Question3: Which AI workload mitigation strategy best addresses model inversion attacks that threaten data confidentiality?

Question4: When investigating an incident in an Infrastructure as a Service (IaaS) environment, what can the user investigate on their own?

Question5: How is encryption managed on multi-tenant storage?

Question6: Which of the following best describes compliance in the context of cybersecurity?

Question7: Any given processor and memory will nearly always be running multiple workloads, often from different tenants.

Question8: When comparing different Cloud Service Providers (CSPs), what should a cybersecurity professional be mindful of regarding their organizational structures?

Question9: In a cloud context, what does entitlement refer to in relation to a user's permissions?

Question10: Which of the following best describes the Identity Provider (IdP) and its role in managing access to deployments?

Question11: What is one of the primary advantages of including Static Application Security Testing (SAST) in Continuous Integration (CI) pipelines?

Question12: ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:

Question13: Which of the following best describes a key aspect of cloud risk management?

Question14: What is a key component of governance in the context of cybersecurity?

Question15: Select the statement below which best describes the relationship between identities and attributes

Question16: Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

Question17: Which principle reduces security risk by granting users only the permissions essential for their role?

Question18: Which of the following best describes a primary risk associated with the use of cloud storage services?

Question19: Which feature in cloud enhances security by isolating deployments similar to deploying in distinct data centers?

Question20: Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

Question21: What is critical for securing serverless computing models in the cloud?

Question22: Network logs from cloud providers are typically flow records, not full packet captures.

Question23: Select the best definition of "compliance" from the options below.

Question24: What item below allows disparate directory services and independent security domains to be interconnected?

Question25: What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

Question26: CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?

Question27: Why is consulting with stakeholders important for ensuring cloud security strategy alignment?

Question28: What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?

Question29: In the context of cloud workload security, which feature directly contributes to enhanced performance and resource utilization without incurring excess costs?

Question30: How does SASE enhance traffic management when compared to traditional network models?

Question31: What is a primary benefit of implementing Zero Trust (ZT) architecture in cloud environments?

Question32: How does virtualized storage help avoid data loss if a drive fails?

Question33: How does running applications on distinct virtual networks and only connecting networks as needed help?

Question34: In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

Question35: Why is a service type of network typically isolated on different hardware?

Question36: What are the encryption options available for SaaS consumers?

Question37: In the Software-as-a-service relationship, who is responsible for the majority of the security?

Question38: All cloud services utilize virtualization technologies.

Question39: An important consideration when performing a remote vulnerability test of a cloud-based application is to

Question40: What's the difference between DNS Logs and Flow Logs?

Question41: What is the primary function of a Load Balancer Service in a Software Defined Network (SDN) environment?

Question42: Which of the following cloud computing models primarily provides storage and computing resources to the users?

Question43: Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

Question44: Which cloud storage technology is basically a virtual hard drive for instanced or VMs?

Question45: Which plane in a network architecture is responsible for controlling all administrative actions?

Question46: What is the primary advantage of implementing Continuous Integration and Continuous Delivery/Deployment (CI/CD) pipelines in the context of cybersecurity?

Question47: What is the newer application development methodology and philosophy focused on automation of application development and deployment?

Question48: Which aspect is crucial for crafting and enforcing CSP (Cloud Service Provider) policies?

Question49: Which of the following best describes an authoritative source in the context of identity management?

Question50: Which of the following is used for governing and configuring cloud resources and is a top priority in cloud security programs?

Question51: What is a primary benefit of consolidating traffic through a central bastion/transit network in a hybrid cloud environment?

Question52: Which aspects are most important for ensuring security in a hybrid cloud environment?

Question53: Which of the following is a primary purpose of establishing cloud risk registries?

Question54: Why is it essential to include key metrics and periodic reassessment in cybersecurity governance?

Question55: What is the primary advantage of implementing Continuous Integration and Continuous Delivery/Deployment (CI/CD) pipelines in the context of cybersecurity?

Question56: Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

Question57: What is the primary purpose of cloud governance in an organization?

Question58: What is the most significant security difference between traditional infrastructure and cloud computing?

Question59: What is a key consideration when implementing AI workloads to ensure they adhere to security best practices?

Question60: How does cloud sprawl complicate security monitoring in an enterprise environment?

Question61: The containment phase of the incident response lifecycle requires taking systems offline.

Question62: Which of the following is the MOST common cause of cloud-native security breaches?

Question63: Which concept provides the abstraction needed for resource pools?

Question64: Why is identity management at the organization level considered a key aspect in cybersecurity?

Question65: Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

Question66: Which practice ensures container security by preventing post-deployment modifications?

Question67: Which of the following encryption methods would be utilized when object storage is used as the back-end for an application?

Question68: Which type of controls should be implemented when required controls for a cybersecurity framework cannot be met?

Question69: Which of the following BEST describes a benefit of Infrastructure as Code (IaC) in cybersecurity contexts?

Question70: In a cloud environment, what does the Shared Security Responsibility Model primarily aim to define?

Question71: Which of the following best describes the concept of AI as a Service (AIaaS)?

Question72: What item below allows disparate directory services and independent security domains to be interconnected?

Question73: Your cloud and on-premises infrastructures should always use the same network address ranges.

Question74: What type of logs record interactions with specific services in a system?

Question75: In volume storage, what method is often used to support resiliency and security?

Question76: When designing an encryption system, you should start with a threat model.

Question77: In which deployment model should the governance strategy consider the minimum common set of controls comprised of the Cloud Service Provider contract and the organization's internal governance agreements?

Question78: Which strategic approach is most appropriate for managing a multi-cloud environment that includes multiple IaaS and PaaS providers?

Question79: Which type of AI workload typically requires large data sets and substantial computing resources?

Question80: Which of the following is one of the five essential characteristics of cloud computing as defined by NIST?

Question81: What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?

Question82: Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

Question83: Which of the following statements best defines the "authorization" as a component of identity, entitlement, and access management?

Question84: Which Identity and Access Management (IAM) principle focuses on implementing multiple security layers to dilute access power, thereby averting a misuse or compromise?

Question85: What is the primary focus during the Preparation phase of the Cloud Incident Response framework?

Question86: What process involves an independent examination of records, operations, processes, and controls within an organization to ensure compliance with cybersecurity policies, standards, and regulations?

Question87: What is a core tenant of risk management?

Question88: What is true of security as it relates to cloud network infrastructure?

Question89: Which of the following events should be monitored according to CIS AWS benchmarks?

Question90: Which of the following statements is true in regards to Data Loss Prevention (DLP)?

Question91: What is a common characteristic of default encryption provided by cloud providers for data at rest?

Question92: What method can be utilized along with data fragmentation to enhance security?

Question93: Which of the following best describes an aspect of PaaS services in relation to network security controls within a cloud environment?

Question94: Which term describes any situation where the cloud consumer does
not manage any of the underlying hardware or virtual machines?

Question95: What is the purpose of access policies in the context of security?

Question96: Which of the following best describes the purpose of cloud security control objectives?

Question97: How should an SDLC be modified to address application security in a Cloud Computing environment?

Question98: Which of the following best describes a primary focus of cloud governance with an emphasis on security?

Question99: What is the primary goal of implementing DevOps in a software development lifecycle?

Question100: In the context of incident response, which phase involves alerts validation to reduce false positives and estimates the incident's scope?

Question101: Which cloud service model allows users to access applications hosted and managed by the provider, with the user only needing to configure the application?

Question102: Big data includes high volume, high variety, and high velocity.

Question103: How does serverless computing impact infrastructure management responsibility?

Question104: ENISA: Which is a potential security benefit of cloud computing?

Question105: What is the primary function of Privileged Identity Management (PIM) and Privileged Access Management (PAM)?

Question106: Which cloud service model typically places the most security responsibilities on the cloud customer?

Question107: Which tool is most effective for ensuring compliance and identifying misconfigurations in cloud management planes?

Question108: ENISA: Which is not one of the five key legal issues common across all scenarios:

Question109: How can virtual machine communications bypass network security controls?

Question110: Which approach creates a secure network, invisible to unauthorized users?

Question111: Which of the following best describes the shift-left approach in software development?

Question112: In Identity and Access Management (IAM) containment, why is it crucial to understand if an attacker escalated their identity?

Question113: What's the best way for organizations to establish a foundation for safeguarding data, upholding privacy, and meeting regulatory requirements in cloud applications?

Question114: In preparing for cloud incident response, why is it crucial to establish a cloud deployment registry?

Question115: Which statement best describes the impact of Cloud Computing on business continuity management?

Question116: What primary aspects should effective cloud governance address to ensure security and compliance?

Question117: A security failure at the root network of a cloud provider will not compromise the security of all customers because of multitenancy configuration.