EMT Practice Test

1. Question Content...


Question List

Question1: When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Question2: Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

Question3: The regular review of a firewall ruleset is considered a

Question4: When managing the security architecture for your company you must consider:

Question5: A CISO has implemented a risk management capability within the security portfolio. Which of the following terms best describes this functionality?

Question6: Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

Question7: If your organization operates under a model of "assumption of breach", you should:

Question8: Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

Question9: A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

Question10: When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

Question11: Which of the following is MOST important when dealing with an Information Security Steering committee:

Question12: SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?

Question13: File Integrity Monitoring (FIM) is considered a

Question14: Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

Question15: The total cost of security controls should:

Question16: In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Question17: When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

Question18: The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Question19: When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

Question20: The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Question21: Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?

Question22: When analyzing and forecasting a capital expense budget what are not included?

Question23: The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

Question24: The Information Security Management program MUST protect:

Question25: Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and dat a. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

Question26: Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?

Question27: Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Question28: An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

Question29: What are the three hierarchically related aspects of strategic planning and in which order should they be done?

Question30: When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

Question31: The PRIMARY objective of security awareness is to:

Question32: The single most important consideration to make when developing your security program, policies, and processes is:

Question33: Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

Question34: A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Question35: The risk found after a control has been fully implemented is called:

Question36: Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

Question37: Which of the following best describes revenue?

Question38: The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

Question39: SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

Question40: At which point should the identity access management team be notified of the termination of an employee?

Question41: As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

Question42: An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.

Question43: The process of creating a system which divides documents based on their security level to manage access to private data is known as

Question44: The ultimate goal of an IT security projects is:

Question45: An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Question46: A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

Question47: Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

Question48: As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining Access
4. Reconnaissance
5. Gaining Access

Question49: In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

Question50: As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with third parties outside the organization. What protocol provides the ability to extend the network perimeter with the use of encapsulation and encryption?

Question51: The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

Question52: Which of the following is a primary method of applying consistent configurations to IT systems?

Question53: Risk appetite is typically determined by which of the following organizational functions?

Question54: The FIRST step in establishing a security governance program is to?

Question55: Which of the following is the MOST important reason for performing assessments of the security portfolio?

Question56: A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

Question57: An organization's Information Security Policy is of MOST importance because

Question58: As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key control will ensure no single individual can constitute or re-constitute a key?

Question59: What is the MAIN reason for conflicts between Information Technology and Information Security programs?

Question60: Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?

Question61: Which of the following is the MOST important goal of risk management?

Question62: Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

Question63: The primary purpose of a risk register is to:

Question64: Your incident response plan should include which of the following?

Question65: Credit card information, medical data, and government records are all examples of:

Question66: A newly-hired CISO needs to understand the organization's financial management standards for business units and operations. Which of the following would be the best source of this information?

Question67: Which of the following is the MOST effective method for discovering common technical vulnerabilities within the IT environment?

Question68: Which technology can provide a computing environment without requiring a dedicated hardware backend?

Question69: An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

Question70: With respect to the audit management process, management response serves what function?

Question71: A method to transfer risk is to:

Question72: A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

Question73: A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

Question74: The alerting, monitoring and life-cycle management of security related events is typically handled by the

Question75: Which of the following illustrates an operational control process:

Question76: When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Question77: Which of the following are the MOST important factors for proactively determining system vulnerabilities?

Question78: Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

Question79: What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Question80: You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

Question81: A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

Question82: What is the definition of Risk in Information Security?

Question83: At what level of governance are individual projects monitored and managed?

Question84: What type of attack requires the least amount of technical equipment and has the highest success rate?

Question85: SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

Question86: A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization's need?

Question87: You have implemented a new security control. Which of the following risk strategy options have you engaged in?

Question88: Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

Question89: A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

Question90: You have implemented the new controls. What is the next step?

Question91: Which of the following is the MOST important component of any change management process?

Question92: The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Question93: Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

Question94: According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

Question95: As the CISO for your company you are accountable for the protection of information resources commensurate with:

Question96: Which of the following provides an audit framework?

Question97: A recommended method to document the respective roles of groups and individuals for a given process is to:

Question98: You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

Question99: You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Question100: What is the primary reason for performing vendor management?

Question101: Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.

Question102: Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

Question103: A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?

Question104: Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Question105: A digital signature addresses which of the following concerns?

Question106: After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

Question107: Which of the following defines the boundaries and scope of a risk assessment?

Question108: Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

Question109: The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

Question110: A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

Question111: Michael starts a new job and discovers that he has unnecessary access to a variety of systems. Which of the following best describes the problem he has encountered?

Question112: An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

Question113: When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?

Question114: IT control objectives are useful to IT auditors as they provide the basis for understanding the:

Question115: An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Question116: When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Question117: How often should an environment be monitored for cyber threats, risks, and exposures?

Question118: Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Question119: When managing the critical path of an IT security project, which of the following is MOST important?

Question120: Information security policies should be reviewed:

Question121: What is the main purpose of the Incident Response Team?

Question122: Which of the following is critical in creating a security program aligned with an organization's goals?

Question123: The PRIMARY objective for information security program development should be:

Question124: Which of the following statements about Encapsulating Security Payload (ESP) is true?

Question125: An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Question126: The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

Question127: An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network (WAN). Which of the following would BEST ensure network continuity?

Question128: Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:

Question129: Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

Question130: As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

Question131: Which of the following is the MOST important benefit of an effective security governance process?

Question132: The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

Question133: The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

Question134: Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agend a.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

Question135: This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

Question136: What two methods are used to assess risk impact?

Question137: Which of the following is considered a project versus a managed process?

Question138: What are the three stages of an identity and access management system?