EMT Practice Test

1. Question Content...


Question List

Question1: Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

Question2: What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

Question3: An important consideration when performing a remote vulnerability test of a cloud-based application is to

Question4: An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?

Question5: How can virtual machine communications bypass network security controls?

Question6: REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.

Question7: ENISA: A reason for risk concerns of a cloud provider being acquired is:

Question8: What is defined as the process by which an opposing party may obtain private documents for use in litigation?

Question9: What is true of security as it relates to cloud network infrastructure?

Question10: CCM: In the CCM tool, "Encryption and Key Management" is an example of which of the following?

Question11: Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

Question12: Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

Question13: Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?

Question14: CCM: In the CCM tool, ais a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

Question15: Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system''

Question16: Select the best definition of"compliance" from the options below.

Question17: If there are gaps in network logging data,what can you do?

Question18: How does virtualized storage help avoid data loss if a drive fails?

Question19: Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

Question20: What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?

Question21: A third-party service provider is hosting a private cloud for an organization. Which of the following findings during an audit of the provider poses the GREATEST risk to the organization?

Question22: Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

Question23: In volume storage, what method is often used to support resiliency and security?

Question24: ENISA: "VMhopping" is:

Question25: APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

Question26: Sending data to a provider's storage over an API is likely as much morereliable and secure than setting up your own SFTP server on a VM in the same provider

Question27: What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?