EMT Practice Test
1. Question Content...
Question10: The FIRST step in establishing an information security program is to:
Question11: An information security program should be established PRIMARILY on the basis of:
Question15: Threat and vulnerability assessments are important PRIMARILY because they are:
Question28: Information security governance is PRIMARILY a:
Question32: Which of the following is the MOST important step in risk ranking?
Question37: Which of the following will BEST ensure that risk is evaluated on system level changes?
Question46: Recovery time objectives (RTOs) are an output of which of the following?
Question56: Which of the following is BEST performed by the security department?
Question66: Information security governance is PRIMARILY driven by which of the following?
Question69: Which of the following is MOST important to include in an information security strategy?
Question78: The GREATEST benefit of choosing a private cloud over a public cloud would be:
Question81: Which of the following is an example of a vulnerability?
Question83: Which of the ager to regularly report to senior management?
Question86: After assessing risk, the decision to treat the risk should be based PRIMARILY on:
Question90: Which of the following is the PRIMARY objective of the incident management process?
Question92: Which of the following is the PRIMARY reason to invoke continuity and recovery plans?
Question94: Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Question104: Labeling information according to its security classification:
Question109: Risk reporting requirements should be PRIMARILY based on:
Question111: Which of the following would provide nonrepudiation of electronic transactions?
Question121: The PRIMARY disadvantage of using a cold-site recovery facility is that it is:
Question129: The PRIMARY purpose of a security information and event management (SIEM) system is to:
Question134: Which of the following is MOST important to consider when determining asset valuation?
Question136: The PRIMARY reason for classifying assets is to:
Question137: Which of the following is the MOST important reason for performing a risk analysis?
Question140: Which of the following is MOST important to enable after completing action plan?
Question142: The BEST defense against phishing attempts within an organization is:
Question153: Authorization can BEST be accomplished by establishing:
Question155: Which of the following defines the triggers within a business continuity plan (BCP)?
Question156: Conducting a cost-benefit analysis for a security investment is important because it
Question170: Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?
Question171: Which of the following is the PRIMARY driver of information security compliance?
Question175: The PRIMARY advantage of a network intrusion detection system (IDS) is that it can:
Question177: Which is MOST important to enable a timely response to a security breach?
Question184: Which of the following is BEST determined by using technical metrics?
Question193: Which of the following is MOST effective against system intrusions?
Question208: Which of the following would BEST enhance firewall security?
Question214: A risk management program will be MOST effective when:
Question217: Which of the following is the MOST important component of a risk profile?
Question225: The selection of security controls is PRIMARILY linked to:
Question227: Which of the following is the MOST important function of information security?
Question232: Which of the following BEST describes a buffer overflow?
Question239: Which of the following is the KEY outcome of conducting a post-incident review?
Question247: To implement a security framework, an information security manager must FIRST develop:
Question251: Which of the following would BEST justify spending for a compensating control?
Question259: Which of the following would provide nonrepudiation of electronic transactions?
Question275: The BEST way to minimize errors in the response to an incident is to:
Question277: The BEST way to identify the criticality of systems to the business is through:
Question282: Which of the following would BEST fulfill a board of directors' request for a concise