EMT Practice Test
1. Question Content...
Question3: The regular review of a firewall ruleset is considered a
Question4: When managing the security architecture for your company you must consider:
Question7: If your organization operates under a model of "assumption of breach", you should:
Question13: File Integrity Monitoring (FIM) is considered a
Question15: The total cost of security controls should:
Question22: When analyzing and forecasting a capital expense budget what are not included?
Question24: The Information Security Management program MUST protect:
Question31: The PRIMARY objective of security awareness is to:
Question35: The risk found after a control has been fully implemented is called:
Question37: Which of the following best describes revenue?
Question44: The ultimate goal of an IT security projects is:
Question54: The FIRST step in establishing a security governance program is to?
Question57: An organization's Information Security Policy is of MOST importance because
Question61: Which of the following is the MOST important goal of risk management?
Question63: The primary purpose of a risk register is to:
Question64: Your incident response plan should include which of the following?
Question65: Credit card information, medical data, and government records are all examples of:
Question70: With respect to the audit management process, management response serves what function?
Question71: A method to transfer risk is to:
Question75: Which of the following illustrates an operational control process:
Question82: What is the definition of Risk in Information Security?
Question83: At what level of governance are individual projects monitored and managed?
Question90: You have implemented the new controls. What is the next step?
Question91: Which of the following is the MOST important component of any change management process?
Question96: Which of the following provides an audit framework?
Question100: What is the primary reason for performing vendor management?
Question105: A digital signature addresses which of the following concerns?
Question107: Which of the following defines the boundaries and scope of a risk assessment?
Question117: How often should an environment be monitored for cyber threats, risks, and exposures?
Question120: Information security policies should be reviewed:
Question121: What is the main purpose of the Incident Response Team?
Question123: The PRIMARY objective for information security program development should be:
Question124: Which of the following statements about Encapsulating Security Payload (ESP) is true?
Question136: What two methods are used to assess risk impact?
Question137: Which of the following is considered a project versus a managed process?
Question138: What are the three stages of an identity and access management system?