EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?

Question2: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

Question3: A system administrator failed to report a security incident where the critical application server was not available to the business users. Which of the following is the BEST way to prevent a reoccurrence?

Question4: The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:

Question5: Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?

Question6: Which of the following is MOST important for the effectiveness of an incident response function?

Question7: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

Question8: Which of the following provides the MOST relevant evidence of incident response maturity?

Question9: A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?

Question10: An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

Question11: Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?

Question12: Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?

Question13: The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

Question14: When developing an information security governance framework, which of the following should be the FIRST activity?

Question15: An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager s FIRST course of action?

Question16: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?

Question17: Which of the following is the MOST relevant source of information for determining the available internal human resources for executing the information security program?

Question18: What is the BEST way for an information security manager to maintain continuous insight into the effectiveness of the organization's information security program?

Question19: An information security manager is reviewing the impact of a regulation on the organization's human resources system. The NEXT course of action should be to:

Question20: Which of the following is MOST critical for the successful implementation of an information security strategy?

Question21: Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?

Question22: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question23: A risk profile supports effective security decisions PRIMARILY because it:

Question24: Which of the following will BEST enable an effective information asset classification process?

Question25: An organization's information security manager will find it MOST difficult to perform a post-incident review of a data leakage event when it is related to:

Question26: Which of the following is the MOST important reason for performing a risk analysis?

Question27: Calculation of the recovery time objective (RTO) is necessary to determine the:

Question28: Which of the following is the MOST effective approach for integrating security into application development?

Question29: A contract bid is digitally signed and electronically mailed The PRIMARY advantage to using a digital signature is that

Question30: To gain a clear+ understanding of the impact that a new regulatory requirement will have on an organization s information security controls, an information security manager should FIRST:

Question31: Which of the following will BEST ensure that risk is evaluated on system level changes?

Question32: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

Question33: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of aP incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?

Question34: When designing an incident response plan to be agreed upon with a cloud computing vendor, including which of the following will BEST help to ensure the effectiveness of the plan?

Question35: An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?

Question36: Which of the following BEST demonstrates alignment between information security governance and corporate governance?

Question37: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:

Question38: Which of the following is an example of a vulnerability?

Question39: A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:

Question40: Which of the following BIST validates that security controls are implemented in a new business process?

Question41: When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

Question42: Which of the following would BEST help to ensure compliance with an organizations information security requirements by an IT service provider?

Question43: An information security manager has identified multiple areas of compliance risk that could subject the organization to significant penalties regarding the handling of personal data. Which of the following is the manager s BEST course of action?

Question44: Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

Question45: Which of the following BEST demonstrates effective information security management within an organization?

Question46: Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

Question47: Implementing a strong password policy is part of an organization s information security strategy for the year. A business unit believes the strategy may adversely affect a client's adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following is the information security manager s BEST course of action?

Question48: Which of the following is the BEST way to increase the visibility of information security within an organization's culture?

Question49: An organization's operations have been significantly impacted by a cyber attack resulting in data loss. Once the attack has been contained, what should the security team.

Question50: The MAIN reason for an information security manager to monitor industry level changes in the business and FT is to:

Question51: Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?

Question52: Which of the following is MOST effective in the strategic alignment of security initiatives?

Question53: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?

Question54: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:

Question55: An organization plans to implement a document collaboration solution to allow employees to share company information. Which of the following is the MOST important control to mitigate the risk associated with the new solution?

Question56: Which of the following BEST demonstrates that an organization supports information security governance?

Question57: A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their password because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST.

Question58: Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?

Question59: Which of the following is the PRIMARY purpose of data classification?

Question60: What would be an information security manager's BEST course of action when notified that the implementation of some security controls is being delayed due to budget constraints?

Question61: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Question62: When reporting to senior management on an information security vulnerability that could lead to a potential breach, what information is MOST likely to facilitate the decision-making process?

Question63: What is a potential issue when emails are encrypted and digitally signed?

Question64: Which of the following is the PRIMARY role of a data custodian?

Question65: Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data toss?

Question66: In the absence of technical controls, what would be the BEST way to reduce unauthorized text messaging on company-supplied mobile devices?

Question67: What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?

Question68: In information security governance, the PRIMARY role of the board of directors is to ensure:

Question69: Which of the following would provide the MOST helpful information when developing a prioritized list of IT assets to protect in the event of an incident?

Question70: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

Question71: Which of the following is an information security manager's BEST course of action upon identification of a shadow IT application being used by a business unit?

Question72: Which of the following is an information security manager's MOST important consideration during the investigative process of analyzing the hard drive of 3 compromises..

Question73: Which of the following is the MOST effective way to identify changes in an information security environment?

Question74: Which of the following is the PRIMARY objective of implementing an information security strategy?

Question75: Which of the following is the MOST important element of a response plan for IT security incidents?

Question76: An organization's IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information

Question77: Which of the following is the BIST course of action for the information security manager when residual risk is above the acceptable level of risk?

Question78: Reviewing which of the following would provide the GREATEST Input to the asset classification process?

Question79: Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

Question80: An information security manager is developing a new information security strategy. Which of the following functions would serve as the BEST resource to review the strategy and provide guidance for business alignment?

Question81: Conducting a cost-benefit analysis for a security investment is important because it

Question82: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Question83: Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

Question84: To prevent computers on the corporate network from being used as part of a distributed denial of service (DDoS) attack, the information security manager should use:

Question85: An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?

Question86: Which of the following should an incident response team do NEXT after validating an event is an incident?

Question87: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?

Question88: Risk management is MOST cost-effective;

Question89: Which of the following is a PRIMARY objective of incident classification?

Question90: The PRIMARY role of an information security steering group is to ensure that:

Question91: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?

Question92: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question93: The PRIMARY purpose of asset valuation for the management of information security is to:

Question94: An organization is MOST at risk from a new worm being introduced through the intranet when:

Question95: When training an incident response team, the advantage of using tabletop exercises is that they:

Question96: The GREATEST benefit of choosing a private cloud over a public cloud would be:

Question97: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

Question98: Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?

Question99: Which of the following BEST enables an effective escalation process within an incident response program?

Question100: Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:

Question101: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Question102: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question103: Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Question104: When determining an acceptable risk level, which of the following is the MOST important consideration?

Question105: Which of the following is MOST helpful when justifying the funding required for a compensating control?

Question106: An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?

Question107: A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager's FIRST course of action?

Question108: When determining an acceptable risk level, which of the following is the MOST important consideration?

Question109: Which of the following BEST reduces the likelihood of leakage of private information via email?

Question110: Which of the following is the GREATEST security threat when an organization allows remote access through a virtual private network (VPN)?

Question111: Which of the following is an information security manager's BEST course of action to address a significant materialized risk that was not prevented by organizational controls?

Question112: Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?

Question113: Which of the following is the GREATEST benefit of information asset classification to an organization?

Question114: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?

Question115: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?

Question116: Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?

Question117: Senior management has allocated funding to each of the organization s divisions to address information security vulnerabilities The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

Question118: Which of the following should be the FIRST step of incident response procedures?

Question119: Which of the following is the KST way to align security and business strategies?

Question120: Which of the following should be the PRIMARY input when defining the desired state of security within an organization?

Question121: Which of the following is the BEST way to rigorously test a disaster recovery plan for a mission-critical system without disrupting business operations?

Question122: An organization is considering moving one its critical business application to a cloud hosting service. The cloud provider may not provider the same level of security for its application as the organization. Which of the following will provide the BEST information to help maintain the security posture?

Question123: Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?

Question124: Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:

Question125: Which of the following is the PRIMARY driver of information security compliance?

Question126: Which of the following would BEST enhance firewall security?

Question127: Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?

Question128: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question129: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability..

Question130: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

Question131: When supporting a large corporation's board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?

Question132: Which of the following is the MOST important characteristic of an effective security policy?

Question133: Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

Question134: Which of the following would BEST enable an organization to effectively monitor the implementation of standardized configurations?

Question135: Which of the following is MOST helpful in integrating information security governance with corporate governance?

Question136: The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:

Question137: In a risk assessment after the identification of threats to organizational assets, the information security manager would:

Question138: Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?

Question139: The BEST way to improve the effectiveness of responding to and communicating security incidents is to ensure:

Question140: During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?

Question141: Which of the following is the BEST way to prevent employees from making unauthorized comments to the media about security incidents in progress?

Question142: When developing security standards, which of the following would be MOST appropriate to include?

Question143: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

Question144: Which of the following would provide the BEST justification for a new information security investment?

Question145: Which of the following would present the GREATEST need to revise information security poll'

Question146: A third-party service provider is developing a mobile app for an organization's customers. Which of the following issues should be of GREATEST concern to the information security management.

Question147: Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?

Question148: Which of the following threats is prevented by using token-based authentication?

Question149: Which of the following would provide the MOST useful input when creating an information security program?

Question150: What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?

Question151: Which of the following is an information security manager's BEST course of action when informed of decision to reduce funding for the information security program?

Question152: An organization s senior management wants to allow employees to access an internal application using their personal mobile devices. Which of the following should be the information security managers FIRST course of action?

Question153: Which of the following is the BEST approach for determining the maturity level of an information security program?

Question154: Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?

Question155: An information security manager has identified numerous violations of security policy which prohibits text messaging from personal devices to conduct official business following is the MOST effective way to reduce the number of violations?

Question156: Application data integrity risk would be MOST directly addressed by a design that includes:

Question157: An organization establishes an internal document collaboration site. To ensure data confidently of each project group, it is MOST important to:

Question158: Which of the following would be MOST important to consider when implementing security settings for a new system'

Question159: Senior management learns of several web application security incidents and wants to know the exposure risk to the organization. What is the information security manager's BEST course of action?

Question160: A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?

Question161: Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

Question162: A business unit has updated its long-term business plan to include a strategy of upgrading information management systems to increase productivity. To support this initiative, what should be the PRIMARY basis for updating the corresponding. information security strategy?

Question163: What is the GREATEST benefit of classifying assets based on sensitivity?

Question164: A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value c*n be mitigated by:

Question165: Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?

Question166: The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Question167: When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organizations security steering committee?

Question168: In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:

Question169: When developing a classification method for incidents, the categories MUST be:

Question170: Which of the following circumstances would MOST likely require a review and update to an organization's information security incident response plan?

Question171: Which of the following is the MOST important step in risk ranking?

Question172: It is MOST important tot an information security manager to ensure that security risk assessments are performed:

Question173: An information security program should be established PRIMARILY on the basis of:

Question174: A core business unit relies on an effective legacy system that does not meet the current security standards and threatens that enterprise network. Which of the following is the BEST course of action to address the situation?

Question175: BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:

Question176: Which of the following would BEST assist an information security manager in gaining strategic support from executive management?

Question177: Which of the following is the MOST effective way to detect social engineering attacks?

Question178: Which of the following would BEST fulfill a board of directors' request for a concise

Question179: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

Question180: Which of the following would BEST help an information security manager prioritize remediation activities to meet regulatory requirements?

Question181: An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?

Question182: Which of the following is the BEST criterion to use when classifying assets?

Question183: When preparing a disaster recovery plan, which of the following would BEST help in prioritizing the restoration of business systems?

Question184: An organization has determined that one of its web servers has been compromised. Which of the following actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?

Question185: Which of the following is the MOST important consideration when designing information security architecture?

Question186: Which of the following MOST effectively prevents internal users from modifying sensitive data?

Question187: In which of the following situations is it MOST important to escalate an incident response to senior management?

Question188: Which of the following is MOST important when selecting an information security metric?

Question189: Which of the following is the MOST effective way to detect security incidents?

Question190: A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?

Question191: Which of the following would provide nonrepudiation of electronic transactions?

Question192: Which of the following is the MOST important part of an incident response plan?

Question193: Which of the following will BEST help to ensure security is addressed when developing a custom application?

Question194: An organization involved in e-commerce activities operating from its home country opened a new office in another country wit! stringent security laws. In this scenario, the overall security strategy should be based on:

Question195: Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?

Question196: When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?

Question197: The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

Question198: Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

Question199: Which of the following is a PRIMARY responsibility of an information security governance committee'

Question200: Which of the following is the PRIMARY product of a business impact analysis (BIA)?

Question201: An organization will be outsourcing mission-critical processes. Which of the following is MOST important to verify before signing the service level agreement (SLA)?

Question202: An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST"

Question203: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Question204: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?

Question205: Which of the following is the BEST way for an information security manager to justify continued investment in the information security program when the organization is facing significant budget cuts?

Question206: Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?

Question207: Which of the following provides the BEST justification for an information security investment when creating a business case

Question208: A new privacy regulation is due to take effect in a region where an organization does business. Which of the following would be MOST helpful in understanding what .. needs to do to maintain compliance?