EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following would be MOST effective when justifying the cost of adding security controls to an existing web application?

Question2: Which of the following is the PRIMARY goal of a risk management program?

Question3: Which of the following should be used to attain sustainable and continuous information security process improvement?

Question4: The MOST effective control to detect fraud inside an organization's network is to:

Question5: The value of information assets relative to the organization is BEST determined by:

Question6: Which of the following is the PRIMARY benefit of using agentless endpoint security solutions?

Question7: Which of the following BEST indicates that information security will be considered when new IT technologies are implemented across an organization?

Question8: For a user of commercial software downloaded from the Internet, which of the following is the MOST effective means of ensuring authenticity?

Question9: Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:

Question10: The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:

Question11: Which of the following is MOST important when selecting a third-party security operations center?

Question12: Which of the following is the BEST approach for determining the maturity level of an information security program?

Question13: An organization is the victim of a targeted attack, and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?

Question14: In a resource-restricted security program, which of the following approaches will provide the BEST use of the limited resources?

Question15: When developing security standards, which of the following would be MOST appropriate to include?

Question16: The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

Question17: The BEST way to identify the criticality of systems to the business is through:

Question18: Which of the following is MOST important to include in an information security strategy?

Question19: Which of the following control type is the FIRST consideration for aligning employee behavior with an organization's information security objectives?

Question20: Which of the following is the MOST important element of an effective external information security communication plan?

Question21: Which of the following is the MOST effective approach of delivering security incident response training?

Question22: Which of the following is the MOST significant benefit of effective change management?

Question23: Which of the following would BEST enhance firewall security?

Question24: An organization has experienced a ransomware attack. Which of the following is the BEST course of action to prevent further attacks?

Question25: Which of the following would BEST detect malicious damage arising from an internal threat?

Question26: An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?

Question27: Which of the following is the MOST useful input for an information security manager when refreshing the organizations security strategy?

Question28: The MOST important factors in determining the scope and timing for testing a business continuity plan are:

Question29: An organization is considering a self-service solution for the deployment of virtualized development servers. Which of the following should be information security manager's PRIMARY concern?

Question30: Which of the following is the MOST important function of information security?

Question31: Which of the following would provide the MOST useful input when creating an information security program?

Question32: A security incident has resulted in a failure of the enterprise resource planning (ERP) system. While the incident is handled by the incident response team, the help desk is overrun by queries from department managers on the state of the ERP system. What is the MOST likely reason for this situation?

Question33: Which of the following is the MOST important element of a response plan for IT security incidents?

Question34: Information security governance is PRIMARILY driven by which of the following?

Question35: Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?

Question36: An organization's information security manager will find it MOST difficult to perform a post-incident review of a data leakage event when it is related to:

Question37: Which of the following is MOST effective against system intrusions?

Question38: Which of the following would BEST help to ensure an organization's information security strategy is aligned with business objectives?

Question39: Which of the following is the BEST way to ensure the effectiveness of a role-based access scheme?

Question40: The BEST way to improve the effectiveness of responding to and communicating security incidents is to ensure:

Question41: Which of the following is the MOST important outcome of testing incident response plans?

Question42: An organization has implemented an enhanced password policy for business applications which requires significantly more business resource to support clients. The BEST approach to obtain the support of business management would be to:

Question43: An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?

Question44: An organization wants to integrate information security into its human resource management processes. Which of the following should be the FWST step?

Question45: Which of the following is MOST likely to result from a properly conducted post-incident review?

Question46: Which of the following is the PRIMARY reason to invoke continuity and recovery plans?

Question47: A data leakage prevention (DLP) solution has identified that several employees are sending confidential company data to their personal email addresses in violation of company policy. The information security manager should FIRST.

Question48: The PRIMARY goal of a security infrastructure design is the:

Question49: Which of the following is MOST important for an information security manager to highlight when presenting the organization s security posture to an executive audience?

Question50: For proper escalation of events, it is MOST important for the information security manager to ensure:

Question51: Which of the following is the MOST appropriate board-level activity for information security governance?

Question52: During an annual security review of an organizations servers, it was found that the customer service team's file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

Question53: Which of the following approaches is BEST for selecting controls to minimize information security risks?

Question54: A hacking group has posted an organization's employee data on social media. What should the information security manager do FIRST?

Question55: Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?

Question56: Planning for the implementation of an information security program is MOST effective when it:

Question57: An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?

Question58: Which of the following is a PRIMARY security responsibility of an information owner?

Question59: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question60: Which of the following is the MOST important requirement for the successful implementation of security governance?

Question61: Which of the following would be the BEST way for a company 10 reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?

Question62: Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?

Question63: Which of the following metrics would be considered an accurate measure of an information security program's performance?

Question64: Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?

Question65: The PRIMARY benefit of integrating information security activities into change management processes is to:

Question66: An organization is considering a self-service solution for the deployment of virtualized development servers.

Question67: The PRIMARY focus of a training curriculum for members of an incident response team should be:

Question68: When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organizations security steering committee?

Question69: Reviewing security objectives and ensuring the integration of security across business units is PRIMARILY the focus of the:

Question70: A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?

Question71: The PRIMARY purpose of a risk assessment is to enable business leaders to:

Question72: To ensure IT equipment meets organizational security standards, the MOST efficient approach is to:

Question73: Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

Question74: An information security manager is planning to purchase a mobile device management (MDM) system to manage personal devices used by employees to access corpor Which of the following is MOST important to include in the business case?

Question75: Which of the following is the BEST strategy to implement an effective operational security posture?

Question76: Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?

Question77: Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?

Question78: An organization us& a particular encryption protocol for externally facing web pages and key financial services. A security firm publicizes a critical security flaw in the encryp manager do FIRST?

Question79: An information security manager s PRIMARY objective for presenting key risks to the board of directors is to:

Question80: Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?

Question81: In a large organization, which of the following is the BEST source for identifying ownership of a PC?

Question82: After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

Question83: Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Question84: Which of the following is MOST important to the successful development of an information security strategy?

Question85: Due lo budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA). Which of the following is the information security manager's BEST course of action?

Question86: An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?

Question87: Which of the following is the BEST evidence that proper security monitoring controls are in place?

Question88: An information security manager is developing a new information security strategy. Which of the following functions would serve as the BEST resource to review the strategy and provide guidance for business alignment?

Question89: Which of the following is the GREATEST risk of single sign-on?

Question90: Which of the following is the BEST evidence that information security governance works as a business enabler?

Question91: When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:

Question92: Which of the following is the MOST important prerequisite to performing an information security risk assessment?

Question93: An access rights review revealed that some former employees' access is still active. Once the access is revoked, which of the following is the BEST course of action to help prevent recurrence?

Question94: The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?

Question95: Which of the following is the MOST beneficial outcome of testing an incident response plan?

Question96: An information security manager is evaluating the key risk indicators (KRls) for an organization s information security program. Which of the following would be the information security manager s GREATEST concern?

Question97: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Question98: Which is MOST important when contracting an external party to perform a penetration test?

Question99: When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:

Question100: Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Question101: The GREATEST benefit of choosing a private cloud over a public cloud would be:

Question102: Which of the following is the PRIMARY goal of an incident response team during a security incident?

Question103: A multinational organization has developed a bring your own device (BYOD) policy that requires the installation of mobile device management (MDM) software on personally owned devices. Which of the following poses the GREATEST challenge for implementing the policy?

Question104: A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

Question105: Which of the following practices BEST supports the achievement of information security program objectives in the IT function?

Question106: Which of the following is the PRIMARY reason to conduct periodic business impact assessments?

Question107: The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Question108: Adding security requirements late in the software development life cycle (SDLC) would MOST likely result in:

Question109: Which type of test is MOST effective in communicating the roles of end users to support timely identification and response to information security incidents?

Question110: Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?

Question111: Which of the following is the MOST important outcome of senior management's analysis of information security metrics?

Question112: Relying on which of the following methods when detecting new threats using IDS should be of MOST concern?

Question113: Which of the following is the GREATEST risk to consider when a rival organization purchases a business unit within an organization?

Question114: Which of the following is the PRIMARY reason for performing an analysis of the threat landscape on a regular basis?

Question115: Which of the following is MOST important for an information security manager to ensure is included in a business case for a new security system?

Question116: Inadvertent disclosure of internal business information on social media is BEST minimized by which of the following?

Question117: When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?

Question118: Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?

Question119: What should be an organization's. MAIN concern when evaluating an Infrastructure as a Service (laaS) cloud computing model for an e-commerce application?

Question120: After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

Question121: A business unit has requested IT to implement simple authentication using IDs and passwords. The information security policy requires using multi-factor authentication. The information security manager should FIRST:

Question122: In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:

Question123: Web application firewalls are needed in addition to other intrusion prevention and detection technology PRIMARILY because:

Question124: Which of the following is the MOST effective way to ensure the information security risk associated with third-party services is addressed?

Question125: The BEST way to ensure information security efforts and initiatives continue to support corporate strategy is by:

Question126: An organization plans to implement a document collaboration solution to allow employees to share company information. Which of the following is the MOST important control to mitigate the risk associated with the new solution?

Question127: Which of the following BEST supports the risk assessment process to determine criticality of an asset?

Question128: Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

Question129: Which of the following is the MOST effective way for senior management to support the integration of information security governance into corporate governance?

Question130: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:

Question131: Which of the following would present the GREATEST challenge to integrating information security governance into corporate governance?

Question132: Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager s NEXT step should be to:

Question133: After undertaking a security assessment of a production system, the information security manager is MOST likely to:

Question134: During the restoration of several servers, a critical process that services external customers was restored late due to a failure, resulting in lost revenue. Which of the following would have BEST helped to prevent this occurrence?

Question135: An information security manager has been asked to identify potential threats to the organization's information. Which of the following should be done FIRST'

Question136: Exceptions to a security policy should be approved based PRIMARILY on:

Question137: Which of the following is an indicator of improvement in the ability to identify security risks?

Question138: What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?

Question139: Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?

Question140: Which of the following is MOST important to building an effective information security program?

Question141: An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?

Question142: Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

Question143: The PRIMARY reason for classifying assets is to:

Question144: What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?

Question145: When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

Question146: An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager s FIRST course of action?

Question147: When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?

Question148: Which of the following is the PRIMARY purpose for establishing a bring your own device (BYOD) policy that only permits application downloads from designated online markets.

Question149: A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?

Question150: Which of the following would present the GREATEST need to revise information security poll'

Question151: When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:

Question152: Which of the following is the MOST important reason for performing a risk analysis?

Question153: Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?

Question154: To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:

Question155: Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?

Question156: When preparing a disaster recovery plan, which of the following would BEST help in prioritizing the restoration of business systems?

Question157: The integration of information security risk management processes within corporate risk management processes will MOST likely result in:

Question158: BEST way to isolate corporate data stored on employee-owned mobile devices would be to implement:

Question159: When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?

Question160: A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?

Question161: A policy has been established requiting users to install mobile device management (MDM) software on their personal devices Which of the following would BEST mitigate the risk created by noncompliance with this policy?

Question162: Which of the following is MOST relevant for an information security manager to communicate to IT operations?

Question163: Which of the following should be define* I FIRST when creating an organization's information security strategy?

Question164: In an organization with effective IT risk management, the PRIMARY reason to establish key risk indicators (KRIs) is to:

Question165: Which of the following is the MOST important consideration when establishing an information security governance framework?

Question166: Which of the following provides the MOST relevant evidence of incident response maturity?

Question167: To integrate security into system development fie cycle (SDLC) processes, an organization MUST ensure that security.

Question168: Which of the following is the BEST way to prevent employees from making unauthorized comments to the media about security incidents in progress?

Question169: Which of the following MOST effectively prevents internal users from modifying sensitive data?

Question170: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification foi granting an exception to the policy?

Question171: Which of the following is the BEST way to improve the timely reporting of information security incidents?

Question172: Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.

Question173: Which of the following is the STRONGEST indication that senior management commitment to information security is lacking within an organization?

Question174: Which of the following would BEST enable management to be aware of an electronic breach to an externally hosted database?

Question175: Which of the following provides the BEST preparation for handling the breach of a corporate web site?

Question176: An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?

Question177: Which of the following devices, when placed in a demilitarized zone (DMZ). would be considered a significant exposure?

Question178: What should the information security manager do FIRST when end users express that new security controls are too restrictive?

Question179: An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?

Question180: Which of the following should be PRIMARILY included in a security training program for business process owners?

Question181: Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager s MOST important action is to:

Question182: Which of the following is a PRIMARY objective of incident classification?

Question183: An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

Question184: Which of the following should be reviewed to obtain a structured overview of relevant information about an information security investment?

Question185: In a risk assessment after the identification of threats to organizational assets, the information security manager would:

Question186: Which of the following is the BEST reason for delaying the application of a critical security patch?

Question187: Which of the following provides the MOST comprehensive understanding of an organization's information security posture?

Question188: Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?

Question189: The PRIMARY objective of periodically testing an incident response plan should be to:

Question190: Which of the following is the MOST important reason for logging firewall activity?

Question191: The BEST way to determine the current state of information security with regard to defined security objectives is by performing a:

Question192: For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?

Question193: An organization involved in e-commerce activities operating from its home country opened a new office in another country wit! stringent security laws. In this scenario, the overall security strategy should be based on:

Question194: In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:

Question195: Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

Question196: Which of the following BEST enables an effective escalation process within an incident response program?

Question197: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?

Question198: Which of the following is MOST important for an information security manager to include in a report to senior management following a post-incident review?

Question199: An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:

Question200: A new organization has been hit with a ransomware attack that is critically impacting its business operations. The organization does not yet have a proper incident response plan, but it does have a backup procedure for restoration of dat a. Which of the following should be the FIRST course of action?

Question201: Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

Question202: During the establishment of a service level agreement (SLA) with a cloud service provider, it is MOST important for the information security manager to:

Question203: Which of the following should be done FIRST when implementing policies to address an upcoming new data privacy regulation?

Question204: Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?

Question205: Which of the following is BEST determined by using technical metrics?

Question206: Which of the following is MOST helpful when justifying the funding required for a compensating control?

Question207: Which of the following is the PRIMARY objective of the incident management process?

Question208: Which of the following is the FlRST step to promoting acceptable behavior with regard to information security throughout an organization?

Question209: An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?

Question210: When integrating information security requirements into software development, which of the following practices should be FIRST in the development lifecycle?

Question211: To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Question212: Which is MOST important to enable a timely response to a security breach?

Question213: Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen laptop?

Question214: Which of the following provides the BEST justification for an information security investment when creating a business case

Question215: An information security manager has researched several options for handling ongoing security concerns and will be presenting these solutions to business managers. Which of the following with BEST enable business managers to make an informed decision?

Question216: What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?

Question217: An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:

Question218: When considering whether to adopt a new information security framework, an organization's information security manager should FIRST:

Question219: Which of the following would provide the BEST justification for a new information security investment?

Question220: Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?

Question221: Which of the following metrics is the BEST indicator of an abuse of the change management process that could compromise information security?

Question222: Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

Question223: Which of the following is the MOST important reason for performing vulnerability assessments periodically?

Question224: Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?

Question225: Which of the following should be the PRIMARY consideration when selecting a recovery site?

Question226: Which of the following should be the MOST important criteria when defining data retention policies?

Question227: Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?

Question228: A potential security breach has been reported to an organization s help desk. Which of the following would be the PRIMARY role of the help desk in the incident response process?

Question229: An organization's marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?

Question230: What should be information security manager's FIRST course of action when it is discovered a staff member has been posting corporate information on social media sites?

Question231: What is the PRIMARY purpose of communicating business impact to an incident response team?

Question232: When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:

Question233: Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?

Question234: The MOST important reason for an information security manager to be involved in a new software purchase initiative is to:

Question235: Meeting which of the following security objectives BEST ensures that information is protected against unauthorized modification?

Question236: Which of the following BEST demonstrates that an organization supports information security governance?

Question237: Which of the following should be the PRIMARY input when defining the desired state of security within an organization?

Question238: Risk identification, analysis, and mitigation activities can BCST be integrated into business life cycle processes by linking them to:

Question239: An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Question240: Which of the following is MOST important for an information security manager to consider when developing a new information security policy?

Question241: Which of the following is the KEY outcome of conducting a post-incident review?

Question242: Which of the following is a PRIMARY responsibility of an information security governance committee'

Question243: Which of the following should be the PRIMARY consideration for an information security manager when designing security center for a newly acquired business application?

Question244: Which of the following is the MOST important consideration for designing an effective information security governance framework?

Question245: Which of the following is the BEST reason to develop comprehensive information security policies?

Question246: The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:

Question247: Which of the following provides the BEST input to maintain an effective asset classification program?

Question248: Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?

Question249: Authorization can BEST be accomplished by establishing:

Question250: A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager's FIRST course of action?