EMT Practice Test

1. Question Content...


Question List

Question1: Aidan McGraw is a cloud security engineer in a multinational company. In 2018, his organization deployed its workloads and data in a cloud environment. Aidan was given the responsibility of securing high-valued information that needs to be shared outside the organization from unauthorized intruders and hackers. He would like to protect sensitive information about his organization, which will be shared outside the organization, from attackers by encrypting the data and including user permissions inside the file containing this information. Which technology satisfies Aidan's requirements?

Question2: Teresa Palmer has been working as a cloud security engineer in a multinational company. Her organization contains a huge amount of data; if these data are transferred to AWS S3 through the internet, it will take weeks. Teresa's organization does not want to spend money on upgrading its internet to a high-speed internet connection. Therefore, Teresa has been sending large amounts of backup data (terabytes to petabytes) to AWS from on-premises using a physical device, which was provided by Amazon. The data in the physical device are imported and exported from and to AWS S3 buckets. This method of data transfer is cost-effective, secure, and faster than the internet for her organization. Based on the given information, which of the following AWS services is being used by Teresa?

Question3: A large e-commerce company named ShopZone uses GCP to host its online store. Recently, the company noticed several errors reported by customers while trying to make purchases on their website. They suspect that there may be some issue with the payment processing system. To investigate this issue, the cloud forensic team of the company decided to look at the logs for the payment processing system and identify anomalies that may be causing the problem. Which of the following GCP log categories helps the team gain the relevant information?

Question4: On database system of a hospital maintains rarely-accessed patients' data such as medical records including high-resolution images of ultrasound reports, MRI scans, and X-Ray reports for years. These records occupy a lot of space and need to be kept safe as it contains sensitive medical data. Which of the following Azure storage services best suitable for such rarely-accessed data with flexible latency requirement?

Question5: Katie Holmes has been working as a cloud security engineer over the past 7 years in an MNC. Since the outbreak of the COVID-19 pandemic, the cloud service provider could not provide cloud services efficiently to her organization. Therefore, Katie suggested to the management that they should design and build their own data center. Katie's requisition was approved, and after 8 months, Katie's team successfully designed and built an on-premises data center. The data center meets all organizational requirements; however, the capacity components are not redundant. If a component is removed, the data center comes to a halt. Which tier data center was designed and constructed by Katie's team?

Question6: Shell Solutions Pvt. Ltd. is an IT company that develops software products and services for BPO companies.
The organization became a victim of a cybersecurity attack. Therefore, it migrated its applications and workloads from on-premises to a cloud environment. Immediately, the organization established an incident response team to prevent such incidents in the future. Using intrusion detection system and antimalware software, the incident response team detected a security incident and mitigated the attack. The team recovered the resources from the incident and identified various vulnerabilities and flaws in their cloud environment.
Which step of the incident response lifecycle includes the lessons learned from previous attacks and analyzes and documents the incident to understand what should be improved?

Question7: A multinational company decided to shift its organizational infrastructure and data to the cloud. Their team finalized the service provider. Which of the following is a contract that can define the security standards agreed upon by the service provider to maintain the security of the organizational data and infrastructure and define organizational data compliance?

Question8: Global SciTech Pvt. Ltd. is an IT company that develops healthcare-related software. Using an incident detection system (IDS) and antivirus software, the incident response team of the organization has observed that attackers are targeting the organizational network to gain access to the resources in the on-premises environment. Therefore, their team of cloud security engineers met with a cloud service provider to discuss the various security provisions offered by the cloud service provider. While discussing the security of the organization's virtual machine in the cloud environment, the cloud service provider stated that the Network Security Groups (NSGs) will secure the VM by allowing or denying network traffic to VM instances in a virtual network based on inbound and outbound security rules. Which of the following cloud service provider filters the VM network traffic in a virtual network using NSGs?

Question9: Rachel McAdams works as a senior cloud security engineer in a cloud service provider company. Owing to the robust services and security features provided by her organization, the number of cloud consumers continues to increase. To mee the increasing cloud consumer requirements, her organization decided to build more data centers. Therefore, Rachel's organization formed a new team to design and construct data centers.
Rachel is also part of the team and was given the responsibility of designing the data center. How can Racheal maintain a stable temperature in the HVAC unit?

Question10: An organization with resources on Google Cloud regularly backs up its service capabilities to ensure high availability and reduce the downtime when a zone or instance becomes unavailable owing to zonal outage or memory shortage in an instance. However, as protocol, the organization must frequently test whether these regular backups are configured. Which tool's high availability settings must be checked for this?

Question11: VoxCloPro is a cloud service provider based in South America that offers all types of cloud-based services to cloud consumers. The cloud-based services provided by VoxCloPro are secure and cost-effective. Terra Soft.
Pvt. Ltd. is an IT company that adopted the cloud-based services of VoxCloPro and transferred the data and applications owned by the organization from on-premises to the VoxCloPro cloud environment. According to the data protection laws of Central and South American countries, who among the following is responsible for ensuring the security and privacy of personal data?

Question12: Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync different types of logs generated by Azure resources with Azure services for better monitoring. Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?

Question13: Kenneth Danziger has been working as a cloud security engineer in a multinational company. His organization uses AWS cloud-based services. Kenneth would like to review the changes in configuration and the relationships between AWS resources, examine the detailed resource configuration history, and determine the overall compliance of his organization against the configurations specified in internal guidelines. Which of the following AWS services enables Kenneth to assess, audit, and evaluate the configuration of AWS resources?

Question14: SevocSoft Private Ltd. is an IT company that develops software and applications for the banking sector. The security team of the organization found a security incident caused by misconfiguration in Infrastructure-as-Code (laC) templates. Upon further investigation, the security team found that the server configuration was built using a misconfigured laC template, which resulted in security breach and exploitation of the organizational cloud resources. Which of the following would have prevented this security breach and exploitation?

Question15: SecureSoftWorld Pvt. Ltd. is an IT company that develops software solutions catering to the needs of the healthcare industry. Most of its services are hosted in Google cloud. In the cloud environment, to secure the applications and services, the organization uses Google App Engine Firewall that controls the access to the App Engine with a set of rules that denies or allows requests from a specified range of IPs. How many unique firewall rules can SecureSoftWorld Pvt. Ltd define using App Engine Firewall?

Question16: TechnoSoft Pvt. Ltd. is a BPO company that provides 24 * 7 customer service. To secure the organizational data and applications from adversaries, the organization adopted cloud computing. The security team observed that the employees are browsing restricted and inappropriate web pages. Which of the following techniques will help the security team of TechnoSoft Pvt. Ltd. in preventing the employees from accessing restricted or inappropriate web pages?

Question17: Teresa Ruiz works as a cloud security engineer in an IT company. In January 2021, the data deployed by her in the cloud environment was corrupted, which caused a tremendous loss to her organization. Therefore, her organization changed its cloud service provider. After deploying the workload and data in the new service provider's cloud environment, Teresa backed up the entire data of her organization. A new employee, Barbara Houston, who recently joined Teresa's organization as a cloud security engineer, only backed up those files that changed since the last executed backup. Which type of backup was performed by Barbara in the cloud?

Question18: Global SoftTechSol is a multinational company that provides customized software solutions and services to various clients located in different countries. It uses a public cloud to host its applications and services. Global SoftTechSol uses Cloud Debugger to inspect the current state of a running application in real-time, find bugs, and understand the behavior of the code in production. Identify the service provider that provides the Cloud Debugger feature to Global SoftTechSol?

Question19: Chris Noth has recently joined CloudAppSec Private Ltd. as a cloud security engineer. Owing to several instances of malicious activities performed by former employees on his organization's applications and data that reside in an on-premises environment, in 2010, his organization adopted cloud computing and migrated all applications and data to the cloud. Chris would like to manage user identities in cloud-based services and applications. Moreover, he wants to reduce the risk caused by the accounts of former users (employees) by ensuring that the users who leave the system can no longer log in to the system. Therefore, he has enforced an IAM standard that can automate the provisioning and de-provisioning of users when they enter and leave the system. Which of the following IAM standards is implemented by Chris Noth?

Question20: Coral IT Systems is a multinational company that consumes cloud services. As a cloud service consumer (CSC), the organization should perform activities such as selecting, monitoring, implementing, reporting, and securing the cloud services. The CSC and cloud service provider (CSP) have a business relationship in which the CSP delivers cloud services to the CSC. Which cloud governance role is applicable to the organization?

Question21: Sandra Oliver has been working as a cloud security engineer in an MNC. Her organization adopted the Microsoft Azure cloud environment owing to its on-demand scalability, robust security, and high availability features. Sandra's team leader assigned her the task to increase the availability of organizational applications; therefore, Sandra is looking for a solution that can be utilized for distributing the traffic to backend Azure virtual machines based on the attributes of the HTTP request received from clients. Which of the following Azure services fulfills Sarah's requirements?

Question22: Daffod is an American cloud service provider that provides cloud-based services to customers worldwide.
Several customers are adopting the cloud services provided by Daffod because they are secure and cost- effective. Daffod complies with the cloud computing law enacted in the US to realize the importance of information security in the economic and national security interests of the US. Based on the given information, which law order does Daffod adhere to?

Question23: A web server passes the reservation information to an application server and then the application server queries an Airline service. Which of the following AWS service allows secure hosted queue server-side encryption (SSE), or uses custom SSE keys managed in AWS Key Management Service (AWS KMS)?

Question24: Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage. How does the organization accomplish this?

Question25: A new public web application is deployed on AWS that will run behind an Application Load Balancer (ALB).
An AWS security expert needs to encrypt the newly deployed application at the edge with an SSL/TLS certificate issued by an external certificate authority. In addition, he needs to ensure the rotation of the certificate yearly before it expires. Which of the following AWS services can be used to accomplish this?

Question26: Cosmic IT Services wants to migrate to cloud computing. Before migrating to the cloud, the organization must set business goals for cloud computing as per the guidelines of a standard IT governance body. Which standard IT governance body can help the organization to set business goals and objectives for cloud computing by offering the IT governance named COBIT (Control Objective for Information and Related Technology)?

Question27: Shannon Elizabeth works as a cloud security engineer in VicPro Soft Pvt. Ltd. Microsoft Azure provides all cloud-based services to her organization. Shannon created a resource group (ProdRes), and then created a virtual machine (myprodvm) in the resource group. On myprodvm virtual machine, she enabled JIT from the Azure Security Center dashboard. What will happen when Shannon enables JIT VM access?

Question28: A mid-sized company uses Azure as its primary cloud provider for its infrastructure. Its cloud security analysts are responsible for monitoring security events across multiple Azure resources (subscriptions, VMs, Storage, and SQL databases) and getting threat intelligence and intelligent security analytics throughout their organization. Which Azure service would the security analysts use to achieve their goal of having a centralized view of all the security events and alerts?

Question29: Jerry Mulligan is employed by an IT company as a cloud security engineer. In 2014, his organization migrated all applications and data from on-premises to a cloud environment. Jerry would like to perform penetration testing to evaluate the security across virtual machines, installed apps, and OSes in the cloud environment, including conducting various security assessment steps against risks specific to the cloud that could expose them to serious threats. Which of the following cloud computing service models does not allow cloud penetration testing (CPEN) to Jerry?

Question30: Being a cloud security administrator, Jonathan is responsible for securing the large-scale cloud infrastructure of his organization SpectrumIT Solutions. The organization has to implement a threat detection and analysis system so that Jonathan would receive alerts regarding all misconfigurations and network intrusions in the organization's cloud infrastructure. Which AWS service would enable him to use to receive alerts related to risks?

Question31: Global InfoSec Solution Pvt. Ltd. is an IT company that develops mobile-based software and applications. For smooth, secure, and cost-effective facilitation of business, the organization uses public cloud services. Now, Global InfoSec Solution Pvt. Ltd. is encountering a vendor lock-in issue. What is vendor lock-in in cloud computing?

Question32: SecureSoft IT Pvt. Ltd. is an IT company located in Charlotte, North Carolina, that develops software for the healthcare industry. The organization generates a tremendous amount of unorganized data such as video and audio files. Kurt recently joined SecureSoft IT Pvt. Ltd. as a cloud security engineer. He manages the organizational data using NoSQL databases. Based on the given information, which of the following data are being generated by Kurt's organization?

Question33: An organization, PARADIGM PlayStation, moved its infrastructure to a cloud as a security practice. It established an incident response team to monitor the hosted websites for security issues. While examining network access logs using SIEM, the incident response team came across some incidents that suggested that one of their websites was targeted by attackers and they successfully performed an SQL injection attack.
Subsequently, the incident response team made the website and database server offline. In which of the following steps of the incident response lifecycle, the incident team determined to make that decision?

Question34: Thomas Gibson is a cloud security engineer who works in a multinational company. His organization wants to host critical elements of its applications; thus, if disaster strikes, applications can be restored quickly and completely. Moreover, his organization wants to achieve lower RTO and RPO values. Which of the following disaster recovery approach should be adopted by Thomas' organization?

Question35: Allen Smith works as a cloud security engineer in a multinational company. Using an intrusion detection system, the incident response team of this company identified that an attacker has been continuously attacking the organization's AWS services. The team leader asked Allen to track the changes made to AWS resources and perform security analysis. Which AWS service can provide the AWS API call history for AWS accounts, including calls made via the AWS Management Console or Command Line tools, AWS Software Development Kits, and other AWS services to Allen?

Question36: Assume you work for an IT company that collects user behavior data from an e-commerce web application.
This data includes the user interactions with the applications, such as purchases, searches, saved items, etc.
Capture this data, transform it into zip files, and load these massive volumes of zip files received from an application into Amazon S3. Which AWS service would you use to do this?

Question37: Rebecca Mader has been working as a cloud security engineer in an IT company located in Detroit, Michigan.
Her organization uses AWS cloud-based services. An application is launched by a developer on an EC2 instance that needs access to the S3 bucket (photos). Rebecca created a get-pics service role and attached it to the EC2 instance. This service role comprises a permission policy that allows read-only access to the S3 bucket and a trust policy that allows the instance to assume the role and retrieve temporary credentials. The application uses the temporary credentials of the role to access the photo bucket when it runs on the instance.
Does the developer need to share or manage credentials or does the admin need to grant permission to the developer to access the photo bucket?

Question38: James Harden works as a cloud security engineer in an IT company. James' organization has adopted a RaaS architectural model in which the production application is placed in the cloud and the recovery or backup target is kept in the private data center. Based on the given information, which RaaS architectural model is implemented in James' organization?

Question39: YourTrustedCloud is a cloud service provider that provides cloud-based services to several multinational companies. The organization adheres to various frameworks and standards. YourTrustedCloud stores and processes credit card and payment-related data in the cloud environment and ensures the security of transactions and the credit card processing system. Based on the given information, which of the following standards does YourTrustedCloud adhere to?

Question40: A security incident has occurred within an organization's AWS environment. A cloud forensic investigation procedure is initiated for the acquisition of forensic evidence from the compromised EC2 instances. However, it is essential to abide by the data privacy laws while provisioning any forensic instance and sending it for analysis. What can the organization do initially to avoid the legal implications of moving data between two AWS regions for analysis?

Question41: Rebecca Gibel has been working as a cloud security engineer in an IT company for the past 5 years. Her organization uses cloud-based services. Rebecca's organization contains personal information about its clients,which is encrypted and stored in the cloud environment. The CEO of her organization has asked Rebecca to delete the personal information of all clients who utilized their services between 2011 and 2015.
Rebecca deleted the encryption keys that are used to encrypt the original data; this made the data unreadable and unrecoverable. Based on the given information, which deletion method was implemented by Rebecca?

Question42: The GCP environment of a company named Magnitude IT Solutions encountered a security incident. To respond to the incident, the Google Data Incident Response Team was divided based on the different aspects of the incident. Which member of the team has an authoritative knowledge of incidents and can be involved in different domains such as security, legal, product, and digital forensics?

Question43: Karen Gillan has recently joined an IT company as a cloud security engineer. Her organization would like to adopt cloud-based services to provide 24 x 7 customer support to its clients. It wants to transfer its customer database and transaction details along with the applications used for managing and supporting its customers.
Before migrating to cloud, which of the following analyses should be performed by Karen on the security capabilities and services provided by cloud service providers to understand the security requirements of the organization and those provided by the cloud service provider?

Question44: Cindy Williams has been working as a cloud security engineer in an IT company situated in Austin, Texas.
Owing to the robust security and cost-effective features provided by AWS, her organization adopted AWS cloud-based services. Cindy has deployed an application in the Amazon Elastic Compute Cloud (EC2) instance.
Which of the following cloud computing service model does the Amazon EC2 instance represent?

Question45: An organization wants to detect its hidden cloud infrastructure by auditing its cloud environment and resources such that it shuts down unused/unwanted workloads, saves money, minimizes security risks, and optimizes its cloud inventory. In this scenario, which standard is applicable for cloud security auditing that enables the management of customer data?

Question46: Richard Roxburgh works as a cloud security engineer in an IT company. His organization was dissatisfied with the services of its previous cloud service provider. Therefore, in January 2020, his organization adopted AWS cloud-based services and shifted all workloads and data in the AWS cloud. Richard wants to provide complete security to the hosted applications before deployment and while running in the AWS ecosystem.
Which of the following automated security assessment services provided by AWS can be used by Richard to improve application security and check the application for any type of vulnerability or deviation from the best practices automatically?

Question47: Rick Warren has been working as a cloud security engineer in an IT company for the past 4 years. Owing to the robust security features and various cost-effective services offered by AWS, in 2010, his organization migrated to the AWS cloud environment. While inspecting the intrusion detection system, Rick detected a security incident. Which of the following AWS services collects logs from various data sources and stores them on a centralized location as logs files that can be used during forensic investigation in the event of a security incident?

Question48: IntSecureSoft Solutions Pvt. Ltd. is an IT company that develops software and applications for various educational institutions. The organization has been using Google cloud services for the past 10 years. Tara Reid works as a cloud security engineer in IntSecureSoft Solutions Pvt. Ltd. She would like to identify various misconfigurations and vulnerabilities such as open storage buckets, instances that have not implemented SSL, and resources without an enabled Web UI. Which of the following is a native scanner in the Security Command Center that assesses the overall security state and activity of virtual machines, containers, network, and storage along with the identity and access management policies?

Question49: Melissa George is a cloud security engineer in an IT company. Her organization has adopted cloud-based services. The integration of cloud services has become significantly complicated to be managed by her organization. Therefore, her organization requires a third-party to consult, mediate, and facilitate the selection of a solution. Which of the following NIST cloud deployment reference architecture actors manages cloud service usage, performance, and delivery, and maintains the relationship between the CSPs and cloud consumers?

Question50: Tom Holland works as a cloud security engineer in an IT company located in Lansing, Michigan. His organization has adopted cloud-based services wherein user access, application, and data security are the responsibilities of the organization, and the OS, hypervisor, physical, infrastructure, and network security are the responsibilities of the cloud service provider. Based on the aforementioned cloud security shared responsibilities, which of the following cloud computing service models is enforced in Tom's organization?

Question51: An IT organization named WITEC Solutions has adopted cloud computing. The organization must manage risks to keep its business data and services secure and running by gaining knowledge about the approaches suitable for specific risks. Which risk management approach can compensate the organization if it loses sensitive data owing to the risk of an activity?

Question52: WinSun Computers is a software firm that adopted cloud computing. To keep the cloud environment secure, the organization must ensure that it adheres to the regulations, controls, and rules framed by its management in the cloud environment. Which of the following represents the adherence to these regulations, controls, and rules framed by the organization in this scenario?

Question53: Jordon Bridges has been working as a senior cloud security engineer in a multinational company. His organization uses Google cloud-based services. Jordon stored his organizational data in the bucket and named the bucket in the Google cloud storage following the guidelines for bucket naming. Which of the following is a valid bucket name given by Jordon?

Question54: Veronica Lauren has an experience of 4 years as a cloud security engineer. Recently, she joined an IT company as a senior cloud security engineer. In 2010, her organization became a victim of a cybersecurity attack in which the attacker breached her organization's cloud security perimeter and stole sensitive information. Since then, her organization started using Google cloud-based services and migrated the organizational workload and data in the Google cloud environment. Veronica would like to detect security breaches in her organization's cloud security perimeter. Which of the following built-in service of Google Security Command Center can help Veronica in monitoring her organization's cloud logging stream and collect logs from one or multiple projects to detect security breaches such as the presence of malware, brute force SSH attempts, and cryptomining?

Question55: An organization is developing a new AWS multitier web application with complex queries and table joins.
However, because the organization is small with limited staff, it requires high availability. Which of the following Amazon services is suitable for the requirements of the organization?

Question56: Martin Sheen is a senior cloud security engineer in SecGlob Cloud Pvt. Ltd. Since 2012, his organization has been using AWS cloud-based services. Using an intrusion detection system and antivirus software, Martin noticed that an attacker is trying to breach the security of his organization. Therefore, Martin would like to identify and protect the sensitive data of his organization. He requires a fully managed data security service that supports S3 storage and provides an inventory of publicly shared buckets, unencrypted buckets, and the buckets shared with AWS accounts outside his organization. Which of the following Amazon services fulfills Martin's requirement?

Question57: The tech giant TSC uses cloud for its operations. As a cloud user, it should implement an effective risk management lifecycle to measure and monitor high and critical risks regularly. Additionally, TSC should define what exactly should be measured and the acceptable variance to ensure timely mitigated risks. In this case, which of the following can be used as a tool for cloud risk management?

Question58: Richard Branson works as a senior cloud security engineer in a multinational company. Owing to the cost-effective security features and services provided by cloud computing, his organization uses cloud-based services. Richard deliberately wants to cause problems in an application/software system deployed in the production environment as a part of the testing strategy and analyze how the application/software system deals with the disruption, detects vulnerabilities, and fixes them. Which of the following refers to the process of experimenting on a software system that is deployed in production to check the system's capability to withstand sudden and unexpected conditions?