EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

Question2: An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager's FIRST course of action?

Question3: Which of the following is the MOST relevant factor when determining the appropriate escalation process in the incident response plan?

Question4: Which of the following is the BEST way for an information security
manager to justify ongoing annual maintenance fees associated with an
intrusion prevention system (IPS)?

Question5: Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?

Question6: Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

Question7: An Information security risk analysis BEST assists an organization in ensuring that;

Question8: Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Question9: Which of the following is an information security manager's FIRST priority after a high-profile system has been compromised?

Question10: An, organization's senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager's FIRST step to support this strategy?

Question11: What is the PRIMARY objective of implementing standard security configurations?

Question12: Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?

Question13: An organization has recently acquired a smaller company located in a different geographic region. Which of the following is the BEST approach for addressing conflicts between the parent organization's security standards and local regulations affecting the acquired company?

Question14: Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services. Which of the following should be the PRIMARY focus of Company A's information security manager?

Question15: A large organization is in the process of developing its information security program that involves working with several complex o organizational functions. Which of the following will BEST enable the successful implementation of this program?

Question16: Rn information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?

Question17: Which of the following should be of MOST concern to an information security manager reviewing an organization's data classification program?

Question18: The BEST indication of a change in risk that may negatively impact an organization is an increase

Question19: Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

Question20: When determining an acceptable risk level, which of the following is the MOST important consideration?

Question21: What is the PRIMARY benefit of effective configuration management?

Question22: Which of the following should be the PRIMARY consideration when implementing a data loss prevention (DLP) solution?

Question23: An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?

Question24: When supporting an organization's privacy officer, which of the following is the information security managers PRIMARY role regarding privacy requirements?

Question25: Which of the following is the BEST way to determine if a recent investment in access control software was successful?

Question26: Which of the following should be the PRIMARY driver for selecting and implementing appropriate controls to address the risk associated with weal user passwords?

Question27: Which of the following is an information security manager's BEST course of action upon discovering an organization with budget constraints lacks several important security capabilities?

Question28: Which of the following information BEST supports risk management decision making?

Question29: The BEST way to report to the board on the effectiveness of the information security program is to present:

Question30: A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked and there is no assurance that compliance requirements are being met What should be done FIRST to reverse this bottom-up approach to security?

Question31: Which of the following provides the MOST essential input for the development of an information security strategy?

Question32: Application data integrity risk is MOST directly addressed by a design that includes:

Question33: The most important information for influencing management's support of inrormaao security control performance has improved?

Question34: Which of the following is MOST likely to be a component of a security incident escalation policy?

Question35: Which of the following BEST describes a buffer overflow?

Question36: Which of the following is the MOST important element in the evaluation of inherent security risks?

Question37: An information security manager has identified that security risks are not being treated in a timely manner. Which of the following is the BEST way to address this situation?

Question38: Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?

Question39: An information security manager wants to document requirements detailing the minimum security controls required for user workstations.
Which of the following resources would be MOST appropriate for this purpose'?

Question40: Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework?

Question41: Which of the following is MOST important to include in an information security status report to senior management?

Question42: Which of the following is the PRIMARY reason that an information security manager would contract with an external provider to perform penetration testing?

Question43: Executive leadership becomes involved in decisions about information security governance.
Executive leadership views information security governance primarily as a concern of the information security management team. What should be an information security manager's MOST important consideration when reviewing a proposed upgrade to a business unit's production database?

Question44: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its:

Question45: In an organization that has several independent security tools including intrusion detection systems (IDSs) and firewalls, which of the following is the BEST way to ensure timely detection of incidents?

Question46: An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers, and maintaining all core business functions in-house. The
information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?

Question47: Which of the following BEST validates that security controls are implemented in a new business process?

Question48: Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?

Question49: The BEST way to avoid session hijacking is to use:

Question50: Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization?

Question51: What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Question52: An organization is developing a disaster recovery strategy and needs to identify each application's criticality so that the recovery sequence can be established. Which of the following is the BEST course of action?

Question53: What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?

Question54: Threat and vulnerability assessments are important PRIMARILY because they are:

Question55: When drafting the corporate privacy statement for a public web site, which of the following MUST be included?

Question56: An organization's ClO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the C/O, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?

Question57: Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

Question58: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question59: Which of the following is the MOST important function of an information security steering committee?

Question60: Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?

Question61: Which of the following should be an information security manager's MOST important criterion for determining when to review the incident response plan?

Question62: An organization has established a bring your own device (BYOD) program. Which of the following is the MOST important security consideration when allowing employees to use personal devices for corporate applications remotely?

Question63: When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

Question64: Senior management wants to provide mobile devices to its sales force.
Which of the following should the information security manager do FIRST to support this objective?

Question65: Which of the following is MOST likely to be included in an enterprise security policy?

Question66: During which of the following development phases is it MOST challenging to implement security controls?

Question67: Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Question68: What is the BEST way for an information security manager to ensure critical assets are prioritized in a new information security program?

Question69: Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?

Question70: Which of the following has the MOST direct impact on the usability of an organization's asset classification policy?

Question71: Which of the following is the MOST reliable way to ensure network security incidents are identified as soon as possible?

Question72: The authorization to transfer the handling of an internal security incident
to a third-party support provider is PRIMARILY defined by the:

Question73: Prior to implementing a bring your own device (BYOD) program, it is MOST important to:

Question74: An information security manager is asked to provide a short presentation on the organization's current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?

Question75: When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:

Question76: To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

Question77: Risk scenarios simplify the risk assessment process by:

Question78: During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:

Question79: When scoping a risk assessment, assets need to be classified by:

Question80: Which of the following is the PRIMARY purpose of establishing an information security governance framework?

Question81: Which of the following is the PRIMARY responsibility of an information security steering committee?

Question82: For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?

Question83: A security policy exception is leading to an unexpected increase in the number of alerts about suspicious Internet traffic on an organization's network. Which of the following is the BEST course of action?

Question84: For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?

Question85: The PRIMARY goal of the eradication phase in an incident response process is to:

Question86: Which of the following BEST enables the detection of advanced persistent threats (APTs)?

Question87: A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Question88: An information security manager discovers that the organization's new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?

Question89: Which of the following would MOST effectively communicate the benefits of an information security program to executive management?

Question90: The business advantage of implementing authentication tokens is that they:

Question91: Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?

Question92: Who should determine data access requirements for an application hosted at an organization's data center?

Question93: A corporate information security program is BEST positioned for success when:

Question94: Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Question95: An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's FIRST step?

Question96: Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

Question97: An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

Question98: Which of the following is the MOST effective method of preventing deliberate internal security breaches?

Question99: Which of the following is the BEST way to ensure that organizational security policies comply with data security regulatory requirements?

Question100: Which of the following is the MOST important objective of testing a security incident response plan?

Question101: When monitoring the security of a web-based application, which of the following is MOST frequently reviewed?

Question102: Which type of control is an incident response team?

Question103: The PRIMARY benefit of a centralized time server is that it

Question104: What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Question105: Which of the following BEST indicates the effectiveness of the vendor risk management process?

Question106: An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data, Which of the following would have BEST provided timely
identification of this incident?

Question107: Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Question108: Which of the following is the MOST effective way to protect the authenticity of data in transit?

Question109: Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?