EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following service capabilities gives the cloud customer an established and maintained framework to deploy code and applications?

Question2: Typically, SSDs are ____________.
Response:

Question3: Which of the following tasks within a SaaS environment would NOT be something the cloud customer would be responsible for?

Question4: Which of the following roles is responsible for obtaining new customers and securing contracts and agreements?

Question5: What are the objectives of change management?
(Choose all that apply.)
Response:

Question6: Which technology is most associated with tunneling?
Response:

Question7: In attempting to provide a layered defense, the security practitioner should convince senior management to include security controls of which type?
Response:

Question8: From the perspective of compliance, what is the most important consideration when it comes to data center location?

Question9: Which of the following methods for the safe disposal of electronic records can always be used in a cloud environment?
Response:

Question10: What does dynamic application security testing (DAST) NOT entail?

Question11: What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud?

Question12: What is the amount of fuel that should be on hand to power generators for backup datacenter power, in all tiers, according to the Uptime Institute?

Question13: An audit scope statement defines the limits and outcomes from an audit. Which of the following would NOT be included as part of an audit scope statement?

Question14: All of the following methods can be used to attenuate the harm caused by escalation of privilege except:

Question15: A honeypot can be used for all the following purposes except ____________.

Question16: Of the following, which is probably the most significant risk in a managed cloud environment?

Question17: DNSSEC was designed to add a layer of security to the DNS protocol.
Which type of attack was the DNSSEC extension designed to mitigate?

Question18: Which of the following storage types are used with an Infrastructure as a Service (IaaS) solution?

Question19: Penetration testing is a(n) __________ form of security assessment.

Question20: Access should be based on ____________.
Response:

Question21: SOX was enacted because of which of the following?

Question22: Administrative penalties for violating the General Data Protection Regulation (GDPR) can range up to ____________.

Question23: Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user's valid credentials?

Question24: Who will determine data classifications for the cloud customer?

Question25: Which of the following methods of addressing risk is most associated with insurance?
Response:

Question26: Which of the following best describes a cloud carrier?

Question27: You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
In order to get truly holistic coverage of your environment, you should be sure to include
__________ as a step in the deployment process.

Question28: Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?

Question29: Tokenization requires two distinct ______________.
Response:

Question30: Which of the following is a widely used tool for code development, branching, and collaboration?

Question31: Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?

Question32: A loosely coupled storage cluster will have performance and capacity limitations based on the
____________.
Response:

Question33: Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind?

Question34: Cloud environments are based entirely on virtual machines and virtual devices, and those images are also in need of storage within the environment. What type of storage is typically used for virtual images?
Response:

Question35: Which United States law is focused on PII as it relates to the financial industry?

Question36: Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?

Question37: When data discovery is undertaken, three main approaches or strategies are commonly used to determine what the type of data, its format, and composition are for the purposes of classification.
Which of the following is NOT one of the three main approaches to data discovery?

Question38: Security is a critical yet often overlooked consideration for BCDR planning.
At which stage of the planning process should security be involved?

Question39: Firewalls are used to provide network security throughout an enterprise and to control what information can be accessed--and to a certain extent, through what means.
Which of the following is NOT something that firewalls are concerned with?

Question40: Which type of threat is often used in conjunction with phishing attempts and is often viewed as greatly increasing the likeliness of success?

Question41: Which of the following is NOT a function performed by the record protocol of TLS?

Question42: With IaaS, what is responsible for handling the security and control over the volume storage space?

Question43: Which data state would be most likely to use TLS as a protection mechanism?

Question44: Which security concept is focused on the trustworthiness of data?

Question45: What are the two protocols that TLS uses?

Question46: A comprehensive BCDR plan will encapsulate many or most of the traditional concerns of operating a system in any data center.
However, what is one consideration that is often overlooked with the formulation of a BCDR plan?

Question47: Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ____________.
Response:

Question48: What is a data custodian responsible for?

Question49: What concept does the A represent within the DREAD model?

Question50: Which of the following is NOT a factor that is part of a firewall configuration?

Question51: Which characteristic of automated patching makes it attractive?
Response:

Question52: Data labels could include all the following, except:

Question53: Devices in the cloud datacenter should be secure against attack. All the following are means of hardening devices, except:
Response:

Question54: Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?

Question55: What is the main reason virtualization is used in the cloud?
Response:

Question56: According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at the same time as) the Create phase?

Question57: Setting thermostat controls by measuring the temperature will result in the ________ highest energy costs.
Response:

Question58: The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "injection." In most cases, what is the method for reducing the risk of an injection attack?
Response:

Question59: Which aspect of cloud computing would make the use of a cloud the most attractive as a BCDR solution?

Question60: Which of the following is a valid risk management metric?

Question61: Although indirect identifiers cannot alone point to an individual, the more of them known can lead to a specific identity. Which strategy can be used to avoid such a connection being made?
Response:

Question62: You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition.
Which of the following cloud concepts would this pertain to?

Question63: Which format is the most commonly used standard for exchanging information within a federated identity system?

Question64: Many activities within a cloud environment are performed via programmatic means, where complex and distributed operations are handled without the need to perform each step individually.
Which of the following concepts does this describe?

Question65: Upon completing a risk analysis, a company has four different approaches to addressing risk.
Which approach it takes will be based on costs, available options, and adherence to any regulatory requirements from independent audits.
Which of the following groupings correctly represents the four possible approaches?

Question66: Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?

Question67: Which security concept would business continuity and disaster recovery fall under?

Question68: Which of the following data sanitation methods would be the MOST effective if you needed to securely remove data as quickly as possible in a cloud environment?

Question69: What strategy involves hiding data in a data set to prevent someone from identifying specific individuals based on other data fields present?

Question70: When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is:

Question71: What type of device is often leveraged to assist legacy applications that may not have the programmatic capability to process assertions from modern web services?

Question72: Proper implementation of DLP solutions for successful function requires which of the following?

Question73: A denial of service (DoS) attack can potentially impact all customers within a cloud environment with the continued allocation of additional resources. Which of the following can be useful for a customer to protect themselves from a DoS attack against another customer?

Question74: A localized incident or disaster can be addressed in a cost-effective manner by using which of the following?

Question75: The goals of DLP solution implementation include all of the following, except:

Question76: Which key storage solution would be the BEST choice in a situation where availability might be of a particular concern?

Question77: Which of the following statements about Type 1 hypervisors is true?

Question78: Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP network traffic instead?

Question79: Which protocol, as a part of TLS, handles the actual secure communications and transmission of data?

Question80: What controls the formatting and security settings of a volume storage system within a cloud environment?

Question81: Which security certification serves as a general framework that can be applied to any type of system or application?

Question82: Which of the following is a possible negative aspect of bit-splitting?

Question83: A cloud provider is looking to provide a higher level of assurance to current and potential cloud customers about the design and effectiveness of their security controls. Which of the following audit reports would the cloud provider choose as the most appropriate to accomplish this goal?
Response:

Question84: Which of the following terms is not associated with cloud forensics?

Question85: With a federated identity system, where would a user perform their authentication when requesting services or application access?

Question86: In which cloud service model is the customer required to maintain the OS?

Question87: The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what aspect of managed cloud services makes the threat of malicious insiders so alarming?

Question88: Which of the following service categories entails the least amount of support needed on the part of the cloud customer?

Question89: TLS provides and ________ for ________ communications.

Question90: Which of the following is NOT a function performed by the handshake protocol of TLS?

Question91: Which of the following frameworks focuses specifically on design implementation and management?

Question92: ____________ can often be the result of inadvertent activity.

Question93: What is a form of cloud storage where data is stored as objects, arranged in a hierarchal structure, like a file tree?

Question94: Tokenization requires two distinct _________________ .

Question95: What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network?

Question96: Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?

Question97: Which cloud storage type uses an opaque value or descriptor to categorize and organize data?

Question98: What is the minimum regularity for testing a BCDR plan to meet best practices?

Question99: An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer.
Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?

Question100: Within a federated identity system, which entity accepts tokens from the identity provider?

Question101: The GAPP framework was developed through a joint effort between the major Canadian and American professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers.
Which of the following is the meaning of GAPP?

Question102: With software-defined networking (SDN), which two types of network operations are segregated to allow for granularity and delegation of administrative access and functions?

Question103: What type of identity system allows trust and verifications between the authentication systems of multiple organizations?
Response:

Question104: Who is the entity identified by personal data?

Question105: Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.
Which of the following is not a regulatory framework for more sensitive or specialized data?

Question106: Which aspect of archiving must be tested regularly for the duration of retention requirements?

Question107: There are two general types of smoke detectors. Which type uses a small portion of radioactive material?

Question108: A user signs on to a cloud-based social media platform. In another browser tab, the user finds an article worth posting to the social media platform. The user clicks on the platform's icon listed on the article's website, and the article is automatically posted to the user's account on the social media platform.
This is an example of what?
Response:

Question109: You have been tasked with creating an audit scope statement and are making your project outline. Which of the following is NOT typically included in an audit scope statement?

Question110: With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

Question111: Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful plan.
Which of the following is the correct sequence of steps for a BCDR plan?

Question112: Which document will enforce uptime and availability requirements between the cloud customer and cloud provider?

Question113: Which of the following concepts is NOT one of the core components to an encryption system architecture?

Question114: A honeypot should contain _________ data.

Question115: What are the phases of a software development lifecycle process model?

Question116: Which cloud service category most commonly uses client-side key management systems?

Question117: Which of the following roles involves the provisioning and delivery of cloud services?

Question118: Which of the following is an example of useful and sufficient data masking of the string "CCSP"?
Response:

Question119: The goals of SIEM solution implementation include all of the following, except:

Question120: How many additional DNS queries are needed when DNSSEC integrity checks are added?

Question121: What is the federal agency that accepts applications for new patents?

Question122: The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "unvalidated redirects and forwards." Which of the following is a good way to protect against this problem?

Question123: Your organization has made it a top priority that any cloud environment being considered to host production systems have guarantees that resources will always be available for allocation when needed.
Which of the following concepts will you need to ensure is part of the contract and SLA?

Question124: Which of the following is NOT part of a retention policy?

Question125: Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?

Question126: There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them?
Response:

Question127: Which protocol does the REST API depend on?

Question128: All of the following are usually nonfunctional requirements except ____________.

Question129: You are the security subject matter expert (SME) for an organization considering a transition from the legacy environment into a hosted cloud provider's data center. One of the challenges you're facing is whether the provider will have undue control over your data once it is within the provider's data center; will the provider be able to hold your organization hostage because they have your data?
This is a(n) _________ issue.

Question130: The share phase of the cloud data lifecycle involves allowing data to leave the application, to be shared with external systems, services, or even other vendors/contractors.
What technology would be useful for protecting data at this point?

Question131: Cryptographic keys for encrypted data stored in the cloud should be ________________ .

Question132: Which of the following is essential for getting full security value from your system baseline?

Question133: Which regulatory system pertains to the protection of healthcare data?

Question134: Cloud environments pose many unique challenges for a data custodian to properly adhere to policies and the use of data. What poses the biggest challenge for a data custodian with a PaaS implementation, over and above the same concerns with IaaS?

Question135: Which of the following is NOT an application or utility to apply and enforce baselines on a system?

Question136: Static software security testing typically uses __________ as a measure of how thorough the testing was.

Question137: _________ is the legal concept whereby a cloud customer is held to a reasonable expectation for providing security of its users' and clients' privacy data.

Question138: Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?

Question139: Which of the following is not a risk management framework?

Question140: What is the primary reason that makes resolving jurisdictional conflicts complicated?

Question141: Which of the following is NOT a core component of an SIEM solution?

Question142: DAST checks software functionality in ____________.

Question143: Which SSAE 16 audit report is simply an attestation of audit results?

Question144: With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?

Question145: One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ____________.

Question146: Every cloud service provider that opts to join the CSA STAR program registry must complete a
___________.

Question147: Cryptographic keys should be secured ________________ .

Question148: Which of the following is NOT a regulatory system from the United States federal government?

Question149: With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.
Which standard from the ISO/IEC was designed specifically for cloud computing?

Question150: Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

Question151: If a key feature of cloud computing that your organization desires is the ability to scale and expand without limit or concern about available resources, which cloud deployment model would you MOST likely be considering?

Question152: Which of the following is not a component of the of the STRIDE model?
Response:

Question153: Which of the following would NOT be a reason to activate a BCDR strategy?

Question154: Which of the following does NOT relate to the hiding of sensitive data from data sets?

Question155: The SOC Type 2 reports are divided into five principles.
Which of the five principles must also be included when auditing any of the other four principles?

Question156: Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?

Question157: What is the risk to the organization posed by dashboards that display data discovery results?

Question158: The WS-Security standards are built around all of the following standards except which one?

Question159: Which of the following aids in the ability to demonstrate due diligence efforts?
Response:

Question160: If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?
Response:

Question161: What is a cloud storage architecture that manages the data in caches of copied content close to locations of high demand?

Question162: Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.
Which of the following is NOT a unit covered by limits?

Question163: Which of the following is NOT a criterion for data within the scope of eDiscovery?

Question164: Vulnerability scans are dependent on ________ in order to function.

Question165: What is one of the reasons a baseline might be changed?

Question166: Which of the following roles involves testing, monitoring, and securing cloud services for an organization?

Question167: Which of the following is a risk associated with manual patching especially in the cloud?

Question168: Which of the following is characterized by a set maximum capacity?

Question169: Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?

Question170: Which of the following is considered an internal redundancy for a data center?

Question171: What are SOC 1/SOC 2/SOC 3?

Question172: Which of the following pertains to a macro level approach to data center design rather than the traditional tiered approach to data centers?

Question173: What does static application security testing (SAST) offer as a tool to the testers?

Question174: BCDR strategies do not typically involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the amount of services that need to be recovered to meet BCDR objectives?

Question175: Which one of the following is not one of the three common threat modeling techniques?

Question176: When designing a cloud data center, which of the following aspects is not necessary to ensure continuity of operations during contingency operations?

Question177: What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first?

Question178: Which of the following is the least challenging with regard to eDiscovery in the cloud?

Question179: What is the biggest challenge to data discovery in a cloud environment?

Question180: What is the intellectual property protection for the logo of a new video game?

Question181: The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "sensitive data exposure." Which of these is a technique to reduce the potential for a sensitive data exposure?

Question182: Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?

Question183: Aside from the fact that the cloud customer probably cannot locate/reach the physical storage assets of the cloud provider, and that wiping an entire storage space would impact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?

Question184: What type of software is often considered secured and validated via community knowledge?

Question185: What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another user's virtual machine?

Question186: Which of the following is considered an administrative control?

Question187: When using a PaaS solution, what is the capability provided to the customer?

Question188: Your company maintains an on-premises data center for daily production activities but wants to use a cloud service to augment this capability during times of increased demand (cloud bursting).
Which deployment model would probably best suit the company's needs?
Response:

Question189: In order to comply with regulatory requirements, which of the following secure erasure methods would be available to a cloud customer using volume storage within the IaaS service model?

Question190: Which of the following is a commonly used tool for maintaining system configurations?

Question191: Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.
Which concept encapsulates this?

Question192: Which of the following is the optimal humidity level for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?

Question193: Which of the following statements accurately describes VLANs?

Question194: Which type of audit report does many cloud providers use to instill confidence in their policies, practices, and procedures to current and potential customers?

Question195: Which of the following best describes the Organizational Normative Framework (ONF)?

Question196: Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

Question197: Federation allows _________ across organizations.
Response:

Question198: DLP solutions can aid all of the following security-related efforts except ____________.
Response:

Question199: BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the required amount of time to restore services to the predetermined level?

Question200: You are performing an audit of the security controls used in a cloud environment. Which of the following would best serve your purpose?

Question201: Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes. Which of the following is NOT a security certification or audit report that would be pertinent?

Question202: The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, all of the following activity can result in data loss except ____________.

Question203: What is the best source for information about securing a physical asset's BIOS?

Question204: Data centers have enormous power resources that are distributed and consumed throughout the entire facility.
Which of the following standards pertains to the proper fire safety standards within that scope?

Question205: Which of the following best describes a cloud carrier?

Question206: In addition to whatever audit results the provider shares with the customer, what other mechanism does the customer have to ensure trust in the provider's performance and duties?

Question207: What is the biggest benefit to leasing space in a data center versus building or maintain your own?

Question208: Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?

Question209: Which phase of the cloud data lifecycle also typically entails the process of data classification?

Question210: With a cloud service category where the cloud customer is provided a full application framework into which to deploy their code and services, which storage types are MOST likely to be available to them?

Question211: Which ISO/IEC standards set documents the cloud definitions for staffing and official roles?
Response:

Question212: Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

Question213: Which of the following best describes SAML?

Question214: The cloud deployment model that features joint ownership of assets among an affinity group is known as:

Question215: Identity and access management (IAM) is a security discipline that ensures which of the following?

Question216: Which United States law is focused on accounting and financial practices of organizations?

Question217: Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

Question218: In application-level encryption, where does the encryption engine reside?

Question219: You were recently hired as a project manager at a major university to implement cloud services for the academic and administrative systems. Because the load and demand for services at a university are very cyclical in nature, commensurate with the academic calendar, which of the following aspects of cloud computing would NOT be a primary benefit to you?

Question220: What are the U.S. Commerce Department controls on technology exports known as?

Question221: A data custodian is responsible for which of the following?

Question222: Which of the following is NOT a major regulatory framework?

Question223: All of these are reasons an organization may want to consider cloud migration except:
Response:

Question224: It's important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ____________.
Response:

Question225: Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?

Question226: Which of the following roles is responsible for overseeing customer relationships and the processing of financial transactions?

Question227: Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:

Question228: When using transparent encryption of a database, where does the encryption engine reside?

Question229: Data labels could include all the following, except:

Question230: What concept does the "D" represent with the STRIDE threat model?

Question231: Which of the following is considered a physical control?

Question232: The BIA can be used to provide information about all the following, except:

Question233: Which type of audit report is considered a "restricted use" report for its intended audience?

Question234: Which of the following publishes the most commonly used standard for data center design in regard to tiers and topologies?

Question235: In the wake of many scandals with major corporations involving fraud and the deception of investors and regulators, which of the following laws was passed to govern accounting and financial records and disclosures?

Question236: Why are PaaS environments at a higher likelihood of suffering backdoor vulnerabilities?

Question237: A bare-metal hypervisor is Type ____________.

Question238: Impact resulting from risk being realized is often measured in terms of ____________.

Question239: The Cloud Security Alliance's (CSA's) Cloud Controls Matrix (CCM) addresses all the following security architecture elements except ____________.

Question240: Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?

Question241: When a user accesses a system, what process determines the roles and privileges that user is granted within the application?
Response:

Question242: Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) often protect unauthorized distribution of what type of intellectual property?
Response:

Question243: Which of the following aspects of the BC/DR process poses a risk to the organization?
Response:

Question244: TLS uses ___________ to authenticate a connection and create a shared secret for the duration of the session.

Question245: What is the first stage of the cloud data lifecycle where security controls can be implemented?

Question246: Which of the following best describes a sandbox?

Question247: What changes are necessary to application code in order to implement DNSSEC?

Question248: You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. Previous releases have shipped with major flaws that were not detected in the testing phase; leadership wants to avoid repeating that problem.
What tool/technique/technology might you suggest to aid in identifying programming errors?

Question249: Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?

Question250: Configurations and policies for a system can come from a variety of sources and take a variety of formats. Which concept pertains to the application of a set of configurations and policies that is applied to all systems or a class of systems?

Question251: Jurisdictions have a broad range of privacy requirements pertaining to the handling of personal data and information.
Which jurisdiction requires all storage and processing of data that pertains to its citizens to be done on hardware that is physically located within its borders?

Question252: When using an Infrastructure as a Service (IaaS) solution, what is the capability provided to the customer?
Response:

Question253: Which cloud service category offers the most customization options and control to the cloud customer?

Question254: Fiber-optic lines are considered part of layer __________ of the OSI model.
Response:

Question255: Where is an XML firewall most commonly deployed in the environment?

Question256: Which of the following roles is responsible for peering with other cloud services and providers?

Question257: When a data center is configured such that the backs of the devices face each other and the ambient temperature in the work area is cool, it is called ___________.

Question258: An audit against the __________ will demonstrate that an organization has a holistic, comprehensive security program.
Response:

Question259: Where is an XML firewall most commonly and effectively deployed in the environment?

Question260: Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?

Question261: Data labels could include all the following, except:

Question262: What type of solution is at the core of virtually all directory services?

Question263: Which of the following best describes the purpose and scope of ISO/IEC 27034-1?

Question264: Although host-based and network-based IDSs perform similar functions and have similar capabilities, which of the following is an advantage of a network-based IDS over a host-based IDS, assuming all capabilities are equal?

Question265: Which kind of SSAE audit report is most beneficial for a cloud customer, even though it's unlikely the cloud provider will share it?

Question266: Resolving resource contentions in the cloud will most likely be the job of the ____________.

Question267: Which of the following terms is NOT a commonly used category of risk acceptance?

Question268: What process is used within a clustered system to provide high availability and load balancing?

Question269: Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?

Question270: Which of the following best describes SAML?

Question271: It is important to include _______ in the design of underfloor plenums if they are also used for wiring.
Response:

Question272: Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?

Question273: What is one of the benefits of implementing an egress monitoring solution?
Response:

Question274: Which OSI layer does IPsec operate at?

Question275: You are the security policy lead for your organization, which is considering migrating from your on- premises, legacy environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. Which of the following benefits will the CSA CCM offer your organization?

Question276: When an organization implements an SIEM solution and begins aggregating event data, the configured event sources are only valid at the time it was configured. Application modifications, patching, and other upgrades will change the events generated and how they are represented over time.
What process is necessary to ensure events are collected and processed with this in mind?

Question277: ISO/IEC has established international standards for many aspects of computing and any processes or procedures related to information technology.
Which ISO/IEC standard has been established to provide a framework for handling eDiscovery processes?

Question278: What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?

Question279: All of the following entitles are required to use FedRAMP-accredited Cloud Service Providers except ___________.

Question280: Which of the following report is most aligned with financial control audits?

Question281: The cloud customer's trust in the cloud provider can be enhanced by all of the following except:

Question282: With finite resources available within a cloud, even the largest cloud providers will at times need to determine which customers will receive additional resources first.
What is the term associated with this determination?

Question283: What masking strategy involves the replacing of sensitive data at the time it is accessed and used as it flows between the data and application layers of a service?

Question284: Countermeasures for protecting cloud operations against external attackers include all of the following except:

Question285: Which of the following are contractual components that the CSP should review and understand fully when contracting with a cloud service provider?
(Choose two.)

Question286: Which strategy involves using a fake production system to lure attackers in order to learn about their tactics?

Question287: What concept does the "I" represent with the STRIDE threat model?

Question288: What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed?

Question289: Which type of web application monitoring most closely measures actual activity?
Response:

Question290: Which of the following are the storage types associated with PaaS?