EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

Question2: Which of the following is the BEST tool to perform cloud security control audits?

Question3: Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Question4: Which of the following would be considered as a factor to trust in a cloud service provider?

Question5: After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

Question6: Which of the following is an example of integrity technical impact?

Question7: An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

Question8: To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:

Question9: How should controls be designed by an organization?

Question10: In all three cloud deployment models, (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?

Question11: Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

Question12: Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization's architecture? The threat model:

Question13: The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

Question14: During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?

Question15: Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?

Question16: A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:

Question17: Supply chain agreements between CSP and cloud customers should, at minimum, include:

Question18: A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance to stringent government standards?

Question19: What areas should be reviewed when auditing a public cloud?

Question20: To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

Question21: From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

Question22: When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?

Question23: Which of the following CSP activities requires a client's approval?

Question24: Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

Question25: Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?

Question26: Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS vendor?

Question27: The rapid and dynamic rate of changes found in a cloud environment affects the organization's: