EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the MOST important issue in a penetration test?

Question2: Which of the following would MOST effectively ensure that a new server is appropriately secured?

Question3: Which of the following BEST enables the integration of information security governance into corporate governance?

Question4: Which of the following should be done FIRST when implementing a security program?

Question5: Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Question6: Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Question7: Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Question8: Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

Question9: Labeling information according to its security classification:

Question10: Implementing the principle of least privilege PRIMARILY requires the identification of:

Question11: An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

Question12: Which of the following is the MOST important detail to capture in an organization's risk register?

Question13: The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Question14: When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Question15: Which of the following has the MOST influence on the inherent risk of an information asset?

Question16: Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Question17: Which of the following provides the BEST evidence that a recently established infofmation security program is effective?

Question18: An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

Question19: Which of the following is MOST important for the effective implementation of an information security governance program?

Question20: Which of the following is the responsibility of a risk owner?

Question21: Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Question22: A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

Question23: Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?

Question24: Which of the following is MOST important to include in an information security status report management?

Question25: Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?

Question26: When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

Question27: Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Question28: Regular vulnerability scanning on an organization's internal network has identified that many user workstations have unpatched versions of software. What is the BEST way for the information security manager to help senior management understand the related risk?

Question29: An organization has acquired a company in a foreign country to gain an advantage in a new market Which of the following is the FIRST step the information security manager should take?

Question30: Which of the following BEST ensures information security governance is aligned with corporate governance?

Question31: Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Question32: An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

Question33: Senior management has just accepted the risk of noncompliance with a new regulation What should the information security manager do NEX*P

Question34: Which of the following is the MOST important requirement for a successful security program?

Question35: An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Question36: Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

Question37: Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

Question38: After a server has been attacked, which of the following is the BEST course of action?

Question39: Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:

Question40: Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Question41: For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

Question42: An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

Question43: Information security controls should be designed PRIMARILY based on:

Question44: When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:

Question45: Which of the following is an example of risk mitigation?

Question46: Which of the following is the FIRST step to establishing an effective information security program?

Question47: A balanced scorecard MOST effectively enables information security:

Question48: Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Question49: The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:

Question50: Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?

Question51: While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

Question52: Which of the following is MOST important to have in place for an organization's information security program to be effective?

Question53: The fundamental purpose of establishing security metrics is to:

Question54: Which risk is introduced when using only sanitized data for the testing of applications?

Question55: The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

Question56: A common drawback of email software packages that provide native encryption of messages is that the encryption:

Question57: Which of the following would be MOST helpful to identify worst-case disruption scenarios?

Question58: An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRST step to ensure the security policy framework encompasses the new business model is to:

Question59: Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Question60: What type of control is being implemented when a security information and event management (SIEM) system is installed?

Question61: Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Question62: An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Question63: An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Question64: An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk''

Question65: To support effective risk decision making, which of the following is MOST important to have in place?

Question66: Which of the following would provide the MOST effective security outcome in an organizations contract management process?

Question67: Threat and vulnerability assessments are important PRIMARILY because they are:

Question68: Which of the following is the MOST important factor of a successful information security program?

Question69: A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Question70: An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?

Question71: An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Question72: An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Question73: A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Question74: The MOST appropriate time to conduct a disaster recovery test would be after:

Question75: An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Question76: Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Question77: Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

Question78: What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Question79: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Question80: Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Question81: Which of the following would BEST justify continued investment in an information security program?

Question82: Which of the following is the PRIMARY benefit of an information security awareness training program?

Question83: Which of the following should be the FIRST step in developing an information security strategy?

Question84: To ensure that a new application complies with information security policy, the BEST approach is to:

Question85: An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

Question86: Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Question87: Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Question88: Penetration testing is MOST appropriate when a:

Question89: An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Question90: What is the BEST way to reduce the impact of a successful ransomware attack?

Question91: Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Question92: An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?

Question93: Which of the following BEST enables the integration of information security governance into corporate governance?

Question94: Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Question95: An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

Question96: Which of the following would be MOST useful to help senior management understand the status of information security compliance?

Question97: What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Question98: Which of the following has the GREATEST influence on the successful integration of information security within the business?

Question99: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Question100: Which of the following is the MOST critical factor for information security program success?

Question101: Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Question102: Which of the following BEST enables an organization to maintain legally admissible evidence7

Question103: An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Question104: An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

Question105: Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Question106: An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:

Question107: Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

Question108: Which of the following activities MUST be performed by an information security manager for change requests?

Question109: Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Question110: An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Question111: When properly implemented, secure transmission protocols protect transactions:

Question112: Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Question113: Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Question114: Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Question115: Which of the following sources is MOST useful when planning a business-aligned information security program?

Question116: Which of the following is PRIMARILY determined by asset classification?

Question117: Which of the following is the BEST indication of an effective information security awareness training program?

Question118: Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Question119: Which of the following BEST supports effective communication during information security incidents7

Question120: Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Question121: An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Question122: In which cloud model does the cloud service buyer assume the MOST security responsibility?

Question123: What should be an information security manager's MOST important consideration when developing a multi-year plan?

Question124: A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to:

Question125: Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Question126: Which of the following BEST facilitates effective incident response testing?

Question127: Which of the following will result in the MOST accurate controls assessment?

Question128: A penetration test was conducted by an accredited third party Which of the following should be the information security manager's FIRST course of action?

Question129: Which of the following is the BEST option to lower the cost to implement application security controls?

Question130: The PRIMARY advantage of involving end users in continuity planning is that they:

Question131: An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?

Question132: An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail Which of the following could have been prevented by conducting regular incident response testing?

Question133: Which of the following MUST happen immediately following the identification of a malware incident?

Question134: Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Question135: Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?

Question136: A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Question137: Which of the following defines the triggers within a business continuity plan (BCP)? @

Question138: Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Question139: Management decisions concerning information security investments will be MOST effective when they are based on:

Question140: An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Question141: Which of the following activities is designed to handle a control failure that leads to a breach?

Question142: Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?

Question143: During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

Question144: An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Question145: An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?

Question146: Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Question147: Which of the following MUST be established to maintain an effective information security governance framework?

Question148: Which of the following is the MOST important consideration when determining which type of failover site to employ?

Question149: An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

Question150: Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question151: The effectiveness of an information security governance framework will BEST be enhanced if:

Question152: Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Question153: Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?

Question154: Which of the following would BEST enable a new information security manager to obtain senior management support for an information security governance program?

Question155: Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Question156: Which of the following is MOST important when defining how an information security budget should be allocated?

Question157: An investigation of a recent security incident determined that the root cause was negligent handing of incident alerts by system admit manager to address this issue?

Question158: Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Question159: Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Question160: An information security manager has identified that security risks are not being treated in a timely manner. Which of the following

Question161: An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

Question162: Which of the following would BEST help to ensure appropriate security controls are built into software?

Question163: In a call center, the BEST reason to conduct a social engineering is to:

Question164: Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Question165: Which of the following is the PRIMARY objective of incident triage?

Question166: Which of the following is the BEST indication of effective information security governance?

Question167: Which of the following is the BEST justification for making a revision to a password policy?

Question168: Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

Question169: Which of the following is the PRIMARY role of an information security manager in a software development project?

Question170: Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Question171: An email digital signature will:

Question172: Which of the following is the BEST indication that an organization has a mature information security culture?

Question173: When collecting admissible evidence, which of the following is the MOST important requirement?

Question174: Which of the following metrics BEST measures the effectiveness of an organization's information security program?

Question175: In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.
Before relying on this certification, it is MOST important that the information security manager confirms that the:

Question176: Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Question177: Of the following, who is in the BEST position to evaluate business impacts?

Question178: Which of the following is a PRIMARY benefit of managed security solutions?

Question179: Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

Question180: Which of the following BEST indicates that information assets are classified accurately?

Question181: The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

Question182: Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Question183: The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:

Question184: Which of the following BEST indicates that information security governance and corporate governance are integrated?

Question185: Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?