EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following compliance legal requirements are covered by the ISO/IEC 27000 series?
1. Intellectual Property Rights.
2. Protection of Organisational Records
3. Forensic recovery of data.
4. Data Deduplication.
5. Data Protection & Privacy.

Question2: Which of the following cloud delivery models is NOT intrinsically "trusted" in terms of security by clients using the service?

Question3: Why might the reporting of security incidents that involve personal data differ from other types of security incident?

Question4: Which types of organisations are likely to be the target of DDoS attacks?

Question5: According to ISO/IEC 27000, which of the following is the definition of a vulnerability?

Question6: What Is the KEY purpose of appending security classification labels to information?

Question7: Which of the following international standards deals with the retention of records?

Question8: In business continuity, what is a battle box?

Question9: Which of the following is MOST LIKELY to be described as a consequential loss?

Question10: Which of the following describes a qualitative risk assessment approach?

Question11: What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens?

Question12: Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?

Question13: You are undertaking a qualitative risk assessment of a likely security threat to an information system.
What is the MAIN issue with this type of risk assessment?

Question14: When an organisation decides to operate on the public cloud, what does it lose?

Question15: What Is the PRIMARY reason for organisations obtaining outsourced managed security services?

Question16: Which of the following acronyms covers the real-time analysis of security alerts generated by applications and network hardware?

Question17: What type of attack could directly affect the confidentiality of an unencrypted VoIP network?

Question18: Which of the following is NOT considered to be a form of computer misuse?

Question19: What form of training SHOULD developers be undertaking to understand the security of the code they have written and how it can improve security defence whilst being attacked?

Question20: A security analyst has been asked to provide a triple A service (AAA) for both wireless and remote access network services in an organization and must avoid using proprietary solutions.
What technology SHOULD they adapt?

Question21: Why is it prudent for Third Parties to be contracted to meet specific security standards?

Question22: In business continuity (BC) terms, what is the name of the individual responsible for recording all pertinent information associated with a BC exercise or real plan invocation?

Question23: When seeking third party digital forensics services, what two attributes should one seek when making a choice of service provider?

Question24: In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?

Question25: Which three of the following characteristics form the AAA Triad in Information Security?
1. Authentication
2. Availability
3. Accounting
4. Asymmetry
5. Authorisation

Question26: When establishing objectives for physical security environments, which of the following functional controls SHOULD occur first?

Question27: In order to better improve the security culture within an organisation with a top down approach, which of the following actions at board level is the MOST effective?

Question28: Once data has been created In a standard information lifecycle, what step TYPICALLY happens next?

Question29: Which of the following types of organisation could be considered the MOST at risk from the theft of electronic based credit card data?

Question30: Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?

Question31: Why should a loading bay NEVER be used as a staff entrance?

Question32: When considering outsourcing the processing of data, which two legal "duty of care" considerations SHOULD the original data owner make?
1 Third party is competent to process the data securely.
2. Observes the same high standards as data owner.
3. Processes the data wherever the data can be transferred.
4. Archive the data for long term third party's own usage.

Question33: What types of web application vulnerabilities continue to be the MOST prolific according to the OWASP Top 10?

Question34: Which of the following testing methodologies TYPICALLY involves code analysis in an offline environment without ever actually executing the code?

Question35: Which of the following is NOT an accepted classification of security controls?