EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?

Question2: The MAIN reason for internal certification of web-based business applications is to ensure:

Question3: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

Question4: Which of the following is the MOST appropriate board-level activity for information security governance?

Question5: Which of the following is the MOST effective approach for integrating security into application development?

Question6: Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

Question7: In a risk assessment after the identification of threats to organizational assets, the information security manager would:

Question8: When introducing security measures into a software development life cycle, which of the following should be the FIRST step?

Question9: Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?

Question10: An access rights review revealed that some former employees' access is still active. Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?

Question11: An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?

Question12: The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Question13: Which of the following is the PRIMARY purpose for establishing a bring your own device (BYOD) policy that only permits application downloads from designated online markets.

Question14: What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?

Question15: Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?

Question16: Which of the following will BEST help to ensure security is addressed when developing a custom application?

Question17: Which of the following is MOST helpful in integrating information security governance with corporate governance?

Question18: Key systems necessary for branch operations reside at corporate headquarters. Branch A is negotiating with a third party to provide disaster recovery facilities. Which of the following contract terms would be the MOST significant concern?

Question19: Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?

Question20: An organization plans to implement a document collaboration solution to allow employees to share company information. Which of the following is the MOST important control to mitigate the risk associated with the new solution?

Question21: Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?

Question22: An information security manager has implemented an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

Question23: Which of the following is the KST way to align security and business strategies?

Question24: Which of the following BEST indicates senior management support for an information security program?

Question25: Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?

Question26: An organization is leveraging tablets to replace desktop computers shared by shift-basd staff. These tables contain critical business data and are inherently at increased risk of the ..

Question27: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..

Question28: The selection of security controls is PRIMARILY linked to:

Question29: The BEST way to determine the current state of information security with regard to defined security objectives is by performing a:

Question30: Which of the following is MOST helpful to review to gain an understanding of the effectiveness of an organization s information security program?

Question31: Which of the following is the MOST effective way to detect security incidents?

Question32: For proper escalation of events, it is MOST important for the information security manager to ensure:

Question33: The MOST important outcome of information security governance is:

Question34: A policy has been established requiting users to install mobile device management (MDM) software on their personal devices Which of the following would BEST mitigate the risk created by noncompliance with this policy?

Question35: Information security governance is PRIMARILY a:

Question36: Which of the following is the MOST significant benefit of effective change management?

Question37: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.

Question38: The value of information assets relative to the organization is BEST determined by:

Question39: Which of the following BEST enables effective closure of noncompliance issues?

Question40: Which of the following has the PRIMARY responsibility of ensuring an organizations information security strategy supports business goals?

Question41: When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

Question42: Which of the following is the MOST important element of a response plan for IT security incidents?

Question43: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of activity----

Question44: An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?

Question45: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question46: An organization is considering a self-service solution for the deployment of virtualized development servers.

Question47: Which of the following is the GREATEST benefit of a comprehensive set of security program metrics?

Question48: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

Question49: Which of the following should be PRIMARILY included in a security training program for business process owners?

Question50: Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?

Question51: Which of the following is the PRIMARY reason for performing an analysis of the threat landscape on a regular basis?

Question52: Which of the following will BEST protect an organization against spear phishing?

Question53: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Question54: Of the following, who should have PRIMARY responsibility for assessing the security risk associated with an outsourced cloud provider contract?

Question55: Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

Question56: An information security manager has developed a strategy to address new information security risks resulting from recent change the business. Which of the following would be MOST important to include when presenting the strategy to senior management?

Question57: An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?

Question58: Which of the following is the MOST useful metric for determining how well firewall logs are being monitored?

Question59: Which of the following is the MOST important outcome from vulnerability scanning?

Question60: Which of the following is MOST important when establishing effective information security metrics?

Question61: When developing an incident response plan, which of the following is the MOST -effective way to ensure incidents common to the organization are handled properly?

Question62: In which of the following ways can an information security manager BEST ensure that security controls are adequate for supporting business goals and objectives?

Question63: A security incident has resulted in a failure of the enterprise resource planning (ERP) system. While the incident is handled by the incident response team, the help desk is overrun by queries from department managers on the state of the ERP system. What is the MOST likely reason for this situation?

Question64: The PRIMARY purpose of vulnerability assessments is to:

Question65: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

Question66: Which of the following should an information security manager do FIRST when developing a communication plan to support incident management?

Question67: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

Question68: Which of the following is the PRIMARY role of a data custodian?

Question69: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?

Question70: Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours. The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:

Question71: Which of the following is the BEST approach when using sensitive customer data during the testing phase of a systems development project?

Question72: What should the information security manager do FIRST when end users express that new security controls are too restrictive?

Question73: A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:

Question74: Which of the following would be an information security manager's BEST course of action upon learning a third-party cloud provider is not meeting information security with regard to data encryption?

Question75: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

Question76: Which of the following is MOST likely to drive an update to the information security strategy?

Question77: Which of the following is the MOST important outcome of monitoring and reporting on information security processes?

Question78: Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?

Question79: A newly hired information security manager for a small organization has been tasked with improving data security. The BEST way to understand the organizations security postuie would be to:

Question80: Which of the following would provide nonrepudiation of electronic transactions?

Question81: The MOST important factors in determining the scope and timing for testing a business continuity plan are:

Question82: Risk management is MOST cost-effective;

Question83: Which of the following is an example of a vulnerability?

Question84: Which of the following is MOST helpful to management in determining whether risks are within an organization's tolerance level?

Question85: Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?

Question86: Which of the following is the FlRST step to promoting acceptable behavior with regard to information security throughout an organization?

Question87: An organization's operations have been significantly impacted by a cyber attack resulting in data loss. Once the attack has been contained, what should the security team.

Question88: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question89: When developing security standards, which of the following would be MOST appropriate to include?

Question90: A risk profile supports effective security decisions PRIMARILY because it:

Question91: A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?

Question92: Which of the following helps to ensure that the appropriate resources are applied in a timely manner after an incident has occurred?

Question93: Which of the following is the BEST way to increase the visibility of information security within an organization's culture?

Question94: Which of the following is a PRIMARY responsibility of an information security governance committee'

Question95: Which of the following is the PRIMARY purpose of data classification?

Question96: Which of the following is the MOST effective way to ensure the development of an application system will align with organizational security standards?

Question97: Implementing a strong password policy is part of an organization s information security strategy for the year. A business unit believes the strategy may adversely affect a client's adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following is the information security manager s BEST course of action?

Question98: Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?

Question99: Which of the following BEST indicates that information security will be considered when new IT technologies are implemented across an organization?

Question100: When determining an acceptable risk level, which of the following is the MOST important consideration?

Question101: After assessing risk, the decision to treat the risk should be based PRIMARILY on:

Question102: An organization s senior management is encouraging employees to use social media for promotional purposes. Which of t following should be the information security manager's FIRST step to support this strategy?

Question103: Which of the following tools BEST demonstrates the effectiveness of the information security program?

Question104: Which of the following metrics would BEST determine the effectiveness of an application security testing program?

Question105: Recovery time objectives (RTOs) are an output of which of the following?

Question106: The MOST effective control to detect fraud inside an organization's network is to:

Question107: A third-party contract signed by a business unit manager failed to specify information security requirements Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?

Question108: An organization's marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?

Question109: Which of the following is the MOST important reason for performing vulnerability assessments periodically?

Question110: A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager's FIRST course of action?

Question111: Which of the following circumstances would MOST likely require a review and update to an organization's information security incident response plan?

Question112: A hacking group has posted an organization's employee data on social media. What should the information security manager do FIRST?

Question113: It is MOST important tot an information security manager to ensure that security risk assessments are performed:

Question114: Which of the7ager to regularly report to senior management?

Question115: Information classification is a fundamental step in determining:

Question116: Which of the following should be an information security manager s MOST important consideration when conducting a physical security review of a potential outsourced data center?

Question117: Which of the following threats is prevented by using token-based authentication?

Question118: The PRIMARY purpose of aligning information security with corporate governance objectives is to:

Question119: Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

Question120: Which of the following is MOST important for an information security manager to highlight when presenting the organization s security posture to an executive audience?

Question121: Which of the following is the BEST way to provide management with meaningful information regarding the performance of the information security program against strategic objectives?

Question122: Which of the following would present the GREATEST challenge to integrating information security governance into corporate governance?

Question123: Which of the following is MOST critical to review when preparing to outsource a data repository to a cloud-based solution?

Question124: Which of the following would BEST help an information security manager prioritize remediation activities to meet regulatory requirements?

Question125: An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:

Question126: A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is MOST important to ensure:

Question127: An information security manager has identified numerous violations of security policy which prohibits text messaging from personal devices to conduct official business following is the MOST effective way to reduce the number of violations?

Question128: An organization has experienced a ransomware attack. Which of the following is the BEST course of action to prevent further attacks?

Question129: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Question130: Which is MOST important when contracting an external party to perform a penetration test?

Question131: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?

Question132: Which of the following is an example of a deterrent control?

Question133: Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?

Question134: Conducting a cost-benefit analysis for a security investment is important because it

Question135: An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

Question136: A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security management.

Question137: The PRIMARY focus of a training curriculum for members of an incident response team should be:

Question138: Which of the following external entities would provide the BEST guideance to an organization facing advanced attacks?

Question139: Which of the following is the PRIMARY benefit of using a tabletop method to conduct an incident response exercise?

Question140: A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their password because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST.

Question141: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:

Question142: Which of the following is MOST likely to result from a properly conducted post-incident review?

Question143: Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?

Question144: Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

Question145: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?

Question146: Which of the following provides the BEST justification for an information security investment when creating a business case

Question147: Which of the following elements of risk is MOST difficult to quantify?

Question148: Which of the following is the MOST important prerequisite to performing an information security risk assessment?

Question149: Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data toss?

Question150: An organization has detected potential risk emerging from noncompliance with new regulations in its industry. Which of the following is the MOST important reason to report this situation to senior management?

Question151: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?

Question152: The PRIMARY goal of a security infrastructure design is the:

Question153: Which of the following is MOST critical for the successful implementation of an information security strategy?

Question154: An organization s HR department would like to outsource its employee management system to a cloud-hosted solution due to features and cost savings offered. Management has identified this solution as a business need and wants to move forward. What should be the PRIMARY role of information security in this effort?

Question155: Which of the following is two MOST important step when establishing guidelines for the use of social networking sites in an organization?

Question156: Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?

Question157: Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:

Question158: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

Question159: Which of the following provides the BEST evidence that a recently established information security program is effective?

Question160: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?

Question161: Which of the following statements indicates that a previously failing security program is becoming successful?

Question162: Following a successful and well-publicized hacking incident, an organization alias plans to improve application security. Which of the following is a security project risk?

Question163: The PRIMARY purpose of a risk assessment is to enable business leaders to:

Question164: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

Question165: After an information security business case has been approved by senior management, it should be:

Question166: Which of the following practices BEST supports the achievement of information security program objectives in the IT function?

Question167: Which of the following is the GREATEST security threat when an organization allows remote access through a virtual private network (VPN)?

Question168: Which of the following is MOST important for an information security manager to include in a report to senior management following a post-incident review?

Question169: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?

Question170: An information security program should be established PRIMARILY on the basis of:

Question171: When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?

Question172: When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

Question173: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?

Question174: Which of the following is MOST important to have in place to help secure ongoing funding for the information security program?

Question175: Which of the following is the BEST way to sustain employee interest in information security awareness in an organization?

Question176: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?

Question177: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?

Question178: Which of the following BEST indicates that an information security strategy is aligned to the business strategy?

Question179: Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?

Question180: In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

Question181: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?

Question182: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?

Question183: Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

Question184: Which of the following would BEST detect malicious damage arising from an internal threat?

Question185: A potential security breach has been reported to an organization s help desk. Which of the following would be the PRIMARY role of the help desk in the incident response process?

Question186: Which of the following provides the BEST means of ensuring business units outside of IT have their information security concerns addressed?

Question187: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question188: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?

Question189: A financial institution's privacy department has requested the implementation of multi-factor authentication to comply with regulations for providing services over the Internet. Which of the following authentication schemes would BEST meet this compliance requirement?

Question190: A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?

Question191: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?

Question192: When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organizations security steering committee?

Question193: Labeling information according to its security classification:

Question194: In which of the following situations is it MOST important to escalate an incident response to senior management?

Question195: Which of the following should an incident response team do NEXT after validating an event is an incident?

Question196: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Question197: A contract bid is digitally signed and electronically mailed The PRIMARY advantage to using a digital signature is that

Question198: Which of the following is the MOST effective approach of delivering security incident response training?

Question199: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?

Question200: What would be an information security manager's BEST course of action when notified that the implementation of some security controls is being delayed due to budget constraints?

Question201: An organization is considering a self-service solution for the deployment of virtualized development servers. Which of the following should be information security manager's PRIMARY concern?

Question202: Which of the following will BEST ensure that risk is evaluated on system level changes?

Question203: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:

Question204: When developing a classification method for incidents, the categories MUST be:

Question205: Authorization can BEST be accomplished by establishing:

Question206: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question207: Meeting which of the following security objectives BEST ensures that information is protected against unauthorized modification?

Question208: An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?

Question209: Calculation of the recovery time objective (RTO) is necessary to determine the:

Question210: Which of the following is the BEST reason to reassess risk following an incident?

Question211: In a large organization requesting outsourced services, which of the following contract clauses is MOST important to the information security manager?

Question212: An organization has a policy in which all criminal activity is prosecuted. What is MOST important for the information security manager to ensure when an employee is suspected of using a company computer to commit fraud?

Question213: Which of the following is the PRIMARY reason to invoke continuity and recovery plans?

Question214: The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

Question215: Which of the following is the MOST effective method to prevent a SQL injection in an employee portal?

Question216: Which of the following is the BEST reason for delaying the application of a critical security patch?

Question217: With limited resources in the information security department which of the following is the BEST approach for managing security risk?

Question218: Which of the following provides the MOST comprehensive understanding of an organization's information security posture?