EMT Practice Test

1. Question Content...


Question List

Question1: The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of following physical security measures should the administrator use?

Question2: A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

Question3: A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Question4: An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Question5: The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

Question6: The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help
mitigate the risks?

Question7: Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

Question8: A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment.
What is this system capability commonly known as?

Question9: Which of the following can the company implement in order to avoid this type of security issue in the future?

Question10: What is one key difference between Capital expenditures and Operating expenditures?

Question11: Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network.
Which is the single most important factor to introducing digital evidence into a court of law?

Question12: Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

Question13: SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization's needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-facto implementation project?

Question14: Payment Card Industry (PCI) compliance requirements are based on what criteria?

Question15: Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Question16: When should IT security project management be outsourced?

Question17: The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Question18: An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Question19: As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining Access
4. Reconnaissance
5. Gaining Access

Question20: The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:

Question21: Which of the following is the MOST important reason for performing assessments of the security portfolio?

Question22: In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Question23: An anonymity network is a series of?

Question24: Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?

Question25: The rate of change in technology increases the importance of:

Question26: You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process.
Which of the following represents your BEST course of action?

Question27: Creating a secondary authentication process for network access would be an example of?

Question28: Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture.
What would be the BEST choice of security metrics to present to the BOD?

Question29: When should IT security project management be outsourced?

Question30: When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Question31: Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18 members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit team, the project manager is convinced to add a quality professional to lead to test team at additional cost to the project.
The project manager is aware of the importance of communication for the success of the project and takes the step of introducing additional communication channels, making it more complex, in order to assure quality levels of the project. What will be the first project management document that Smith should change in order to accommodate additional communication channels?

Question32: The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

Question33: The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

Question34: What oversight should the information security team have in the change management process for application security?

Question35: When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it___________

Question36: Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

Question37: The process of creating a system which divides documents based on their security level to manage access to private data is known as ____________________.

Question38: The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

Question39: What oversight should the information security team have in the change management process for application security?

Question40: A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

Question41: SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization's needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-facto implementation project?

Question42: John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do.
What can John do in this instance?

Question43: Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

Question44: From an information security perspective, information that no longer supports the main purpose of the business should be:

Question45: Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

Question46: Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

Question47: What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Question48: When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it___________

Question49: Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?

Question50: A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

Question51: Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

Question52: Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

Question53: File Integrity Monitoring (FIM) is considered a

Question54: What are the primary reasons for the development of a business case for a security project?

Question55: Your company has a "no right to privacy" notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee's email account.
What should you do?

Question56: Which of the following is critical in creating a security program aligned with an organization's goals?

Question57: The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

Question58: As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with third parties outside the organization. What protocol provides the ability to extend the network perimeter with the use of encapsulation and encryption?

Question59: Which of the following would negatively impact a log analysis of a multinational organization?

Question60: According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

Question61: You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults.
Which of the following is a default community string?

Question62: Dataflow diagrams are used by IT auditors to:

Question63: Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Question64: When choosing a risk mitigation method what is the MOST important factor?

Question65: Which of the following is a primary method of applying consistent configurations to IT systems?

Question66: The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Question67: The PRIMARY objective of security awareness is to:

Question68: What type of attack requires the least amount of technical equipment and has the highest success rate?

Question69: The PRIMARY objective for information security program development should be:

Question70: A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization's need?

Question71: Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

Question72: Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

Question73: Which of the following reports should you as an IT auditor use to check on compliance with a Service Level Agreement (SLA) requirement for uptime?

Question74: What does RACI stand for?

Question75: Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Question76: The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to_________________________.

Question77: Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

Question78: The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Question79: A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old.
After reading it, what should be your first priority?

Question80: Which of the following is considered the MOST effective tool against social engineering?

Question81: Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and dat a. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

Question82: Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

Question83: Which type of physical security control scan a person's external features through a digital video camera before granting access to a restricted area?

Question84: Which of the following terms is used to describe countermeasures implemented to minimize risks to physical property, information, and computing systems?

Question85: SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization's needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-facto implementation project?

Question86: The PRIMARY objective for information security program development should be:

Question87: What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

Question88: Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?

Question89: A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets.
This demonstrates which of the following principles?

Question90: When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:

Question91: A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability.
What do you do?

Question92: When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it___________

Question93: Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has implemented remediation activities.
Which of the following is the MOST logical next step?

Question94: Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Question95: Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Question96: The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is _______________.

Question97: Which of the following activities is the MAIN purpose of the risk assessment process?

Question98: What is the first thing that needs to be completed in order to create a security program for your organization?

Question99: Which of the following are the MOST important factors for proactively determining system vulnerabilities?

Question100: Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Question101: When managing the security architecture for your company you must consider:

Question102: The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

Question103: An organization's firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

Question104: Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the___________________________.

Question105: Which of the following is true regarding expenditures?

Question106: The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

Question107: During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Question108: Who is responsible for securing networks during a security incident?

Question109: Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:

Question110: The process of identifying and classifying assets is typically included in the

Question111: The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

Question112: The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.
Which of the following needs to be performed NEXT?

Question113: SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
After determining the audit findings are accurate, which of the following is the MOST logical next activity?

Question114: Which of the following is an accurate description of a balance sheet?

Question115: What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

Question116: Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

Question117: Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

Question118: The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.
Which of the following needs to be performed NEXT?

Question119: A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

Question120: Physical security measures typically include which of the following components?

Question121: What is the first thing that needs to be completed in order to create a security program for your organization?

Question122: Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

Question123: Your penetration testing team installs an in-line hardware key logger onto one of your
network machines. Which of the following is of major concern to the security organization?

Question124: Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.
From an organizational perspective, which of the following is the LIKELY reason for this?

Question125: An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization's IT environment.
Which of the following can be used to measure the effectiveness of this newly implemented process?

Question126: The PRIMARY objective for information security program development should be:

Question127: Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

Question128: Which of the following is the BEST indicator of a successful project?

Question129: You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

Question130: Risk is defined as:

Question131: Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

Question132: An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

Question133: Human resource planning for security professionals in your organization is a:

Question134: The exposure factor of a threat to your organization is defined by?

Question135: When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Question136: Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

Question137: What oversight should the information security team have in the change management process for application security?

Question138: Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Question139: The Information Security Management program MUST protect:

Question140: Scenario: The new CISO was informed of all the Information Security projects that the section has in progress.
Two projects are over a year behind schedule and way over budget. Using the best business practices for project management, you determine that the project correctly aligns with the organization goals.
What should be verified next?

Question141: The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because_______________.

Question142: An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

Question143: After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

Question144: Who should be involved in the development of an internal campaign to address email phishing?

Question145: When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

Question146: Which of the following is the MOST important benefit of an effective security governance process?

Question147: A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company's building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted are a. Which type of attack did the consultant perform?

Question148: SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Question149: A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program.
Which of the following qualifications and experience would be MOST desirable to find in a candidate?

Question150: An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

Question151: When dealing with risk, the information security practitioner may choose to:

Question152: You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Question153: One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Question154: SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

Question155: Which of the following most commonly falls within the scope of an information security
governance steering committee?

Question156: Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first.
How can you minimize risk to your most sensitive information before granting access?

Question157: The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

Question158: Which of the following are not stakeholders of IT security projects?

Question159: The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees.
Which of the following can be used as a KPI?