EMT Practice Test

1. Question Content...


Question List

Question1: An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?

Question2: Which of the following will BEST protect confidential data when connecting large wireless networks to an existing wired-network infrastructure?

Question3: Which of the following will BEST protect against malicious activity by a former employee?

Question4: Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Question5: When security policies are strictly enforced, the initial impact is that:

Question6: The MOST important reason for conducting periodic risk assessments is because:

Question7: What is the BEST way for a customer to authenticate an e-commerce vendor?

Question8: Which of the following is the BEST way to reduce the risk of a ransomware attack?

Question9: What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?

Question10: Which of the following stakeholders would provide the BEST guidance in aligning the information security strategy with organizational goals?

Question11: Which of the following would be MOST helpful when justifying the funding required for a compensating control?

Question12: A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies is the BEST approach for developing a physical access control policy for the organization?

Question13: The main mail server of a financial institution has been compromised at the superuser level; the only way to ensure the system is secure would be to:

Question14: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?

Question15: An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:

Question16: An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:

Question17: Which of the following is the MOST important reason to consider the role of the IT service desk when developing incident handling procedures?

Question18: An information security manager has recently been notified of potential security risks associated with a thirdparty service provider. What should be done NEXT to address this concern?

Question19: Of the following, which is the MOST important aspect of forensic investigations?

Question20: The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration?

Question21: Which of the following is the BEST source of information to help determine whether a third party's connections to the organization's internal network are aligned with internal control requirements?

Question22: The risk of mishandling alerts identified by an intrusion detection system (IDS) would be the GREATEST when:

Question23: Which of the following is an information security manager's FIRST priority after a high-profile system has been compromised?

Question24: An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Question25: An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:

Question26: A risk management program will be MOST effective when:

Question27: Which of the following should be determined FIRST when preparing a risk communication plan?

Question28: A risk assessment study carried out by an organization noted that there is no segmentation of the local area network (LAN). Network segmentation would reduce the potential impact of which of the following?

Question29: Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?

Question30: Which of the following is the MOST essential element of an information security program?

Question31: When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

Question32: A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

Question33: An outcome of effective security governance is:

Question34: Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:

Question35: An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?

Question36: Which of the following metrics would provide management with the MOST useful information about the progress of a security awareness program?

Question37: Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Question38: Security awareness training is MOST likely to lead to which of the following?

Question39: What is the BEST way to ensure users comply with organizational security requirements for password complexity?

Question40: Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Question41: Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

Question42: The PRIMARY reason for establishing a data classification scheme is to identify:

Question43: Which of the following is the MOST important information to include in a strategic plan for information security?

Question44: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Question45: Which of the following is the MOST important to keep in mind when assessing the value of information?

Question46: Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Question47: The PRIMARY objective of performing a post-incident review is to:

Question48: The PRIMARY objective of a risk management program is to:

Question49: Which of the following is the MOST effective method to help ensure information security incidents are reported?

Question50: To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

Question51: Which of the following features is normally missing when using Secure Sockets Layer (SSL) in a web browser?

Question52: The effectiveness of virus detection software is MOST dependent on which of the following?

Question53: When evaluating cloud storage solutions the FIRST consideration should be:

Question54: An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following would be MOST important to include in the business case?

Question55: To minimize security exposure introduced by changes to the IT environment, which of the following is MOST important to implement as part of change management?

Question56: The PRIMARY goal of a corporate risk management program is to ensure that an organization's:

Question57: Which of the following is the BEST way to measure the effectiveness of a newly implemented social engineering training program?

Question58: Which of the following reduces the potential impact of social engineering attacks?

Question59: An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?

Question60: Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack?

Question61: To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

Question62: When developing a disaster recovery plan, which of the following would be MOST helpful in prioritizing the order in which systems should be recovered?

Question63: Which of the following represents the MAJOR focus of privacy regulations?

Question64: When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

Question65: Which program element should be implemented FIRST in asset classification and control?

Question66: Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?

Question67: Isolation and containment measures lor a compromised computer have been taken and information security management is now investigating. What is the MOST appropriate next step?

Question68: Which of the following MOST efficiently ensures the proper installation of a firewall policy that restricts a small group of internal IP addresses from accessing the Internet?

Question69: Which of the following is the MOST important delivery outcome of information security governance?

Question70: What is the BEST defense against a Structured Query Language (SQL) injection attack?

Question71: Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Question72: Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

Question73: Adding security requirements late in the software development life cycle (SDLC) would MOST likely result in:

Question74: An extranet server should be placed:

Question75: The information classification scheme should:

Question76: Which of the following BEST promotes stakeholder accountability in the management of information security risks?

Question77: The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:

Question78: Why is "slack space" of value to an information security manager as pan of an incident investigation?

Question79: What is the MOST cost-effective method of identifying new vendor vulnerabilities?

Question80: Which of the following is the BEST evidence of the maturity of an organization's information security program?

Question81: Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?

Question82: In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:

Question83: Which of the following provides the GREATEST assurance that existing controls meet compliance requirements?

Question84: A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Question85: Which of the following should be included in an annual information security budget that is submitted for management approval?

Question86: An organization's IT department is undertaking a large virtualization project to reduce its physical server footprint. Which of the following should be the HIGHEST priority of the information security manager?

Question87: A risk analysis for a new system is being performed.
For which of the following is business knowledge MORE important than IT knowledge?

Question88: Investments in information security technologies should be based on:

Question89: Which of the following is MOST important for an information security manager to ensure when evaluating change requests?

Question90: Which of the following devices should be placed within a demilitarized zone (DMZ )?

Question91: Which of the following is MOST important to consider when determining asset valuation?

Question92: Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

Question93: Which of the following is a risk of cross-training?

Question94: Executive leadership becomes involved in decisions about information security governance.
Executive leadership views information security governance primarily as a concern of the information security management team. What should be an information security manager's MOST important consideration when reviewing a proposed upgrade to a business unit's production database?

Question95: When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

Question96: Of the following, which is the MOST important aspect of forensic investigations?

Question97: A risk profile supports effective security decisions PRIMARILY because it:

Question98: As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain any effective information security program?

Question99: A new organization has been hit with a ransomware attack that is critically impacting its business operations. The organization does not yet have a proper incident response plan, but it does have a backup procedure for restoration of dat a. Which of the following should be the FIRST course of action?

Question100: Which of the following is the MOST important item to include when developing web hosting agreements with third-party providers?

Question101: When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?

Question102: A web server in a financial institution that has been compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step should be to:

Question103: Which of the following will BEST protect an organization from internal security attacks?

Question104: Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

Question105: An information security manager is preparing a presentation to obtain support for a security initative. Which of the following is the BEST way to obtain management's commitment for the initiative?

Question106: Who should drive the risk analysis for an organization?

Question107: How would an organization know if its new information security program is accomplishing its goals?

Question108: Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Question109: For computer forensics evidence to be admissible in a court of law, the evidence MUST:

Question110: Which of the following are the MOST important individuals to include as members of an information security steering committee?

Question111: Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Question112: Which of the following is MOST critical when creating an incident response plan?

Question113: Which of the following is the PRIMARY purpose for establishing a bring your own device (BYOD) policy that only permits application downloads from designated online markets.

Question114: An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?

Question115: Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?

Question116: Which of the following risks is represented in the risk appetite of an organization?

Question117: Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

Question118: Attackers who exploit cross-site scripting vulnerabilities take advantage of:

Question119: An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

Question120: Which of the following is the MOST effective type of access control?

Question121: Information security should be:

Question122: Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?

Question123: Recovery time objectives (RTOs) are an output of which of the following?

Question124: Which of the following is the FIRST step required to achieve effective performance measurement?

Question125: Which of the following is a step in establishing a security policy?

Question126: Senior management has allocated funding to each of the organization's divisions to address information security vulnerabilities. The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

Question127: Which of the following is the MOST effective way to communicate information security risk to senior management?

Question128: A validated patch to address a new vulnerability that may affect a mission-critical server has been released.
What should be done immediately?

Question129: Which of the following is an advantage of a centralized information security organizational structure?

Question130: Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?

Question131: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Question132: Which of the following is MOST important to the successful promotion of good security management practices?

Question133: Which of the following would be an information security manager's PRIMARY challenge when deploying a Bring Your Own Device (BYOD) mobile program in an enterprise?

Question134: From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

Question135: Risk acceptance is a component of which of the following?

Question136: Which of the following will BEST enable the identification of appropriate controls to prevent repeated occurrences of similar types of information...........

Question137: The MOST effective use of a risk register is to:

Question138: Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Question139: When reporting to senior management on an information security vulnerability that could lead to a potential breach, what information is MOST likely to facilitate the decision-making process?

Question140: A risk profile supports effective security decisions PRIMARILY because it:

Question141: Which of the following is MOST important to consider when determining the effectiveness of the Information security governance program?

Question142: A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:

Question143: The PRIMARY goal of the eradication phase in an incident response process is to:

Question144: What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?

Question145: An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RIP) is the:

Question146: Developing a successful business case for the acquisition of information security software products can BEST be assisted by:

Question147: Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?

Question148: A critical component of a continuous improvement program for information security is:

Question149: In order to highlight to management the importance of network security, the security manager should FIRST:

Question150: Which of the following is the MOST important consideration of the information security manager to ensure effective security monitoring of outsourced operations?

Question151: If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

Question152: An organization's operations staff places payment files in a shared network folder and then the disbursement staff picks up the files for payment processing. This manual intervention will be automated some months later, thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the BEST solution?

Question153: Phishing is BEST mitigated by which of the following?

Question154: The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?

Question155: A core business unit relies on an effective legacy system that does not meet the current security standards and threatens that enterprise network. Which of the following is the BEST course of action to address the situation?

Question156: An intrusion detection system (IDS) should:

Question157: Which of the following would be helpful in determining an organization's current capacity to mitigate risk?

Question158: The valuation of IT assets should be performed by:

Question159: Which of the following would provide the MOST effective security outcome in an organization?

Question160: When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?

Question161: A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events.
Which of the following IRT models BEST supports these objectives?

Question162: Which of the following is the PRIMARY goal of business continuity management?

Question163: The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

Question164: Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?

Question165: Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?

Question166: Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Question167: Which of the following disaster recovery testing techniques is the MOST cost-effective way to determine the effectiveness of the plan?

Question168: Which of the following is an example of a change to the external threat landscape?

Question169: An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tables contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

Question170: Which of the following is MOST important for measuring the effectiveness of a security awareness program?

Question171: Risk assessment is MOST effective when performed:

Question172: Data owners are normally responsible for which of the following?

Question173: Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

Question174: Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

Question175: Which of the following provides the MOST comprehensive understanding of an organization's information security posture?

Question176: A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?

Question177: Which of the following should be the focus of a post-incident review following a successful response to a cybersecurity incident?

Question178: A core business function has created a significant risk. Budget constraints do not allow for effective remediation. Who should be accountable for selecting the appropriate risk treatment?

Question179: Which of the following MOST efficiently ensures the proper installation of a firewall policy that restricts a small group of internal IP addresses from accessing the Internet?

Question180: Which of the following is the MOST important factor to ensure information security is meeting the organization's objectives?

Question181: A risk has been formally accepted and documented.
Which of the following is the MOST important action for an information security manager?

Question182: The business continuity policy should contain which of the following?

Question183: Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Question184: An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Question185: The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Question186: Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

Question187: A global organization has developed a strategy to share a customer information database between offices in two countries. In this situation, it is

Question188: Which of the following would help to change an organization's security culture?

Question189: Which of the following outsourced services has the GREATEST need for security monitoring?

Question190: What is the PRIMARY purpose of an unannounced disaster recovery exercise?

Question191: From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

Question192: What is the MOST appropriate change management procedure for the handling of emergency program changes?

Question193: Which of the following would MOST likely require a business continuity plan to be invoked?

Question194: Which of the following is the PRIMARY goal of an incident response team during a security incident?

Question195: Management is questioning the need for several items in the information security budget proposal. Which of the following would have been MOST helpful prior to budget submission?

Question196: Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?

Question197: The PRIMARY reason for using information security metrics is to:

Question198: Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Question199: An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

Question200: When speaking to an organization's human resources department about information security, an information security manager should focus on the need for:

Question201: Reviewing which of the following would BEST ensure that security controls are effective?

Question202: Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?

Question203: Which of the following is the MOST important information to include in an information security standard?

Question204: The MOST useful way to describe the objectives in the information security strategy is through:

Question205: What is the PRIMARY objective of a post-event review in incident response?

Question206: A customer credit card database has been breached by hackers. The FIRST step in dealing with this attack should be to:

Question207: Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT

Question208: A risk management program would be expected to:

Question209: Which of the following devices should be placed within a DMZ?

Question210: The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:

Question211: When a security standard conflicts with a business objective, the situation should be resolved by:

Question212: An organization has implemented an enhanced password policy for business applications which requires significantly more business unit resource to support clients. The BEST approach to obtain the support of business unit management would be to:

Question213: Which of the following is the PRIMARY advantage of using an incident severity rating system'?

Question214: A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Question215: The MOST important reason to use a centralized mechanism to identify information security incidents is to:

Question216: Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?

Question217: Risk assessment is MOST effective when performed:

Question218: Which of the following is the PRIMARY responsibility of an information security steering committee composed of management representation from business units?

Question219: Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a publicly facing .....

Question220: When performing a risk assessment, the MOST important consideration is that:

Question221: At what stage of the applications development process should the security department initially become involved?

Question222: Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?

Question223: Which of the following will BEST protect an organization from internal security attacks?

Question224: The MOST important factor in ensuring the success of an information security program is effective:

Question225: Which of the following environments represents the GREATEST risk to organizational security?

Question226: The GREATEST benefit resulting from well-documented information security procedures is that they:

Question227: An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

Question228: The return on investment of information security can BEST be evaluated through which of the following?

Question229: Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?

Question230: Which of the following should an information security manager do FIRST upon learning that a data loss prevention (DLP) scanner has identified payment card information (PCI) stored in cleartext within accounting file shares?

Question231: In an organization with effective IT risk management, the PRIMARY reason to establish key risk indicators (KRIs) is to:

Question232: Attackers who exploit cross-site scripting vulnerabilities take advantage of:

Question233: The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:

Question234: The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

Question235: Which of the following is the MOST appropriate method to protect a password that opens a confidential file?

Question236: A large organization is considering a policy that would allow employees to briog their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

Question237: Which of the following situations would be the MOST concern to a security manager?

Question238: Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Question239: In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.
Before relying on this certification, it is MOST important that the information security manager confirms that the:

Question240: The MOST important reason for conducting periodic risk assessments is because:

Question241: In which cloud model does the cloud service buyer assume the MOST security responsibility?

Question242: In a business impact analysis, the value of an information system should be based on the overall cost:

Question243: Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

Question244: An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:

Question245: When collecting evidence for forensic analysis, it is important to:

Question246: Which of the following is the GREATEST potential exposure created by outsourcing to an application service provider?

Question247: Which of the following would BEST ensure thai security risk assessment is integrated into the life cycle of major IT projects