EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?

Question2: Which of the following is the MOST effective way to detect security incidents?

Question3: Which of the following is MOST important to include in an information security strategy?

Question4: Which of the following BEST indicates that information assets are classified accurately?

Question5: Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

Question6: Which of the following is BEST used to determine the maturity of an information security program?

Question7: A security incident has been reported within an organization When should an information security manager contact the information owner?

Question8: Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

Question9: A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?

Question10: Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Question11: Which of the following would be MOST useful to help senior management understand the status of information security compliance?

Question12: Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Question13: A common drawback of email software packages that provide native encryption of messages is that the encryption:

Question14: Which of the following is the MOST important function of an information security steering committee?

Question15: Which of the following is the BEST way to determine the effectiveness of an incident response plan?

Question16: Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Question17: An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?

Question18: A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

Question19: Which of the following defines the triggers within a business continuity plan (BCP)? @

Question20: Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Question21: A penetration test was conducted by an accredited third party Which of the following should be the information security manager's FIRST course of action?

Question22: Which of the following BEST describes a buffer overflow?

Question23: A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Question24: Who is BEST suited to determine how the information in a database should be classified?

Question25: Recovery time objectives (RTOs) are BEST determined by:

Question26: An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Question27: Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

Question28: A balanced scorecard MOST effectively enables information security:

Question29: Which of the following is the PRIMARY benefit of an information security awareness training program?

Question30: A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Question31: Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

Question32: Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Question33: Which of the following is the PRIMARY role of an information security manager in a software development project?

Question34: An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

Question35: An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Question36: Which of the following is MOST critical when creating an incident response plan?

Question37: When developing an asset classification program, which of the following steps should be completed FIRST?

Question38: How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Question39: Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Question40: What should be an information security manager's MOST important consideration when developing a multi-year plan?

Question41: Which of the following should be the FIRST step in developing an information security strategy?

Question42: An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Question43: When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?

Question44: Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Question45: An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

Question46: Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Question47: An organization is considering the feasibility of implementing a big data solution to analyze customer data. In order to support this initiative, the information security manager should FIRST:

Question48: An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Question49: Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Question50: Information security controls should be designed PRIMARILY based on:

Question51: When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:

Question52: Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall?

Question53: Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?

Question54: An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?

Question55: The effectiveness of an information security governance framework will BEST be enhanced if:

Question56: Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?

Question57: Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Question58: The PRIMARY objective of a post-incident review of an information security incident is to:

Question59: The MOST appropriate time to conduct a disaster recovery test would be after:

Question60: Which of the following should an information security manager do FIRST after a new cybersecunty regulation has been introduced?

Question61: An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?

Question62: An organization plans to leverage popular social network platforms to promote its products and services.
Which of the following is the BEST course of action for the information security manager to support this initiative?

Question63: Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Question64: Implementing the principle of least privilege PRIMARILY requires the identification of:

Question65: The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:

Question66: IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Question67: Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

Question68: When deciding to move to a cloud-based model, the FIRST consideration should be:

Question69: To effectively manage an organization's information security risk, it is MOST important to:

Question70: A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

Question71: Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?

Question72: Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

Question73: Which of the following roles is BEST able to influence the security culture within an organization?

Question74: Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

Question75: Which of the following would BEST ensure that security is integrated during application development?

Question76: Which of the following is the GREATEST benefit of information asset classification?

Question77: The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Question78: While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?

Question79: Which of the following is the PRIMARY role of the information security manager in application development?

Question80: Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

Question81: An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance.
Which of the following would provide the MOST useful information for planning purposes?

Question82: Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization's business continuity plan (BCP) has not been reviewed or updated in more than a year?

Question83: Which of the following is the PRIMARY objective of incident triage?

Question84: The effectiveness of an incident response team will be GREATEST when:

Question85: Which of the following is the BEST tool to monitor the effectiveness of information security governance?

Question86: Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

Question87: In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.
Before relying on this certification, it is MOST important that the information security manager confirms that the:

Question88: An information security manager has identified that privileged employee access requests to production servers are approved; but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Question89: Which of the following should be the PRIMARY basis for an information security strategy?

Question90: Which of the following is the MOST important constraint to be considered when developing an information security strategy?

Question91: Which of the following is the MOST important criterion when deciding whether to accept residual risk?

Question92: An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?

Question93: Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

Question94: Which of the following is the BEST indication of an effective information security awareness training program?

Question95: Which of the following should be given the HIGHEST priority during an information security post-incident review?

Question96: An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Question97: Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Question98: Management decisions concerning information security investments will be MOST effective when they are based on:

Question99: An organization is in the process of acquiring a new company Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Question100: Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

Question101: Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

Question102: Network isolation techniques are immediately implemented after a security breach to:

Question103: The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

Question104: For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

Question105: After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Question106: An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

Question107: Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

Question108: An organization's quality process can BEST support security management by providing:

Question109: A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

Question110: Which of the following is the BEST justification for making a revision to a password policy?

Question111: Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Question112: To improve the efficiency of the development of a new software application, security requirements should be defined:

Question113: Which of the following would BEST help to ensure appropriate security controls are built into software?

Question114: An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?

Question115: Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

Question116: An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purposed?

Question117: An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

Question118: Which of the following would be MOST helpful when creating information security policies?

Question119: For which of the following is it MOST important that system administrators be restricted to read-only access?

Question120: Which of the following is the FIRST step to establishing an effective information security program?

Question121: Which of the following BEST determines the allocation of resources during a security incident response?

Question122: An organization is leveraging tablets to replace desktop computers shared by shift-based staff These tablets contain critical business data and are inherently at increased risk of theft Which of the following will BEST help to mitigate this risk''

Question123: Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Question124: Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Question125: The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Question126: Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Question127: Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

Question128: Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

Question129: When developing a categorization method for security incidents, the categories MUST:

Question130: Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Question131: When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Question132: An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Question133: Which of the following is MOST important for building 4 robust information security culture within an organization?

Question134: Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Question135: Which of the following is MOST effective in monitoring an organization's existing risk?

Question136: When determining an acceptable risk level, which of the following is the MOST important consideration?

Question137: An employee clicked on a link in a phishing email, triggering a ransomware attack Which of the following should be the information security?

Question138: Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

Question139: A PRIMARY benefit of adopting an information security framework is that it provides:

Question140: The MOST important information for influencing management's support of information security is:

Question141: Which of the following BEST enables an organization to effectively manage emerging cyber risk?

Question142: An organization is about to purchase a rival organization. The PRIMARY reason for performing information security due diligence prior to making the purchase is to:

Question143: Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Question144: Which of the following is a PRIMARY benefit of managed security solutions?

Question145: Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of confidentiality?

Question146: An organization has identified a large volume of old data that appears to be unused. Which of the following should the information security manager do NEXT?

Question147: Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Question148: Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

Question149: Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization's information security program?

Question150: Which of the following has the MOST influence on the inherent risk of an information asset?

Question151: Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?

Question152: Which of the following is the PRIMARY reason to assign a risk owner in an organization?

Question153: In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:

Question154: An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges Which of the following would BEST enable regulatory compliance?

Question155: When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Question156: Reevaluation of risk is MOST critical when there is:

Question157: Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Question158: Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question159: What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Question160: Which of the following is MOST important when conducting a forensic investigation?

Question161: When drafting the corporate privacy statement for a public website, which of the following MUST be included?

Question162: Which of the following has the GREATEST influence on the successful integration of information security within the business?

Question163: An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

Question164: Which is following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

Question165: An online bank identifies a successful network attack in progress. The bank should FIRST:

Question166: Penetration testing is MOST appropriate when a:

Question167: Which of the following is the BEST way to enhance training for incident response teams?

Question168: Which of the following should be done FIRST once a cybersecurity attack has been confirmed?

Question169: Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Question170: Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Question171: In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or

Question172: The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?

Question173: From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often

Question174: Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?

Question175: Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Question176: In a call center, the BEST reason to conduct a social engineering is to:

Question177: Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Question178: Which of the following should include contact information for representatives of equipment and software vendors?

Question179: What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Question180: When assigning a risk owner, the MOST important consideration is to ensure the owner has:

Question181: Which of the following documents should contain the INITIAL prioritization of recovery of services?

Question182: Which of the following is the PRIMARY reason for granting a security exception?

Question183: Which of the following provides the BEST assurance that security policies are applied across business operations?

Question184: Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?

Question185: Which of the following would MOST effectively ensure that a new server is appropriately secured?

Question186: An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Question187: Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Question188: Which of the following BEST supports effective communication during information security incidents7

Question189: The PRIMARY advantage of involving end users in continuity planning is that they:

Question190: Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Question191: The PRIMARY purpose for continuous monitoring of security controls is to ensure:

Question192: An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

Question193: Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

Question194: Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior?

Question195: Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?

Question196: Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

Question197: Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Question198: Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Question199: Which of the following is the FIRST step when conducting a post-incident review?

Question200: During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

Question201: Which of the following is MOST important to include in monthly information security reports to the board?

Question202: The PRIMARY advantage of single sign-on (SSO) is that it will:

Question203: Which of the following BEST enables an organization to maintain legally admissible evidence7

Question204: Which of the following should be the PRIMARY objective of an information security governance framework?

Question205: Which of the following is the BEST justification for making a revision to a password policy?

Question206: An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Question207: To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

Question208: Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Question209: Which of the following would be an information security managers PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Question210: An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail Which of the following could have been prevented by conducting regular incident response testing?

Question211: Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Question212: A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?

Question213: Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Question214: Which of the following is the BEST indication of information security strategy alignment with the "&

Question215: Which of the following is the PRIMARY objective of a cyber resilience strategy?

Question216: Which of the following is the BEST evidence of alignment between corporate and information security governance?

Question217: The contribution of recovery point objective (RPO) to disaster recovery is to:

Question218: An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Question219: Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Question220: A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

Question221: Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?

Question222: When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Question223: Which of the following should be the PRIMARY basis for determining the value of assets?

Question224: Which of the following is the BEST way to determine if an information security profile is aligned with business requirements?

Question225: A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Question226: When establishing metrics for an information security program, the BEST approach is to identify indicators that:

Question227: The MOST important reason for having an information security manager serve on the change management committee is to:

Question228: Which of the following BEST facilitates effective strategic alignment of security initiatives?

Question229: The MOST important element in achieving executive commitment to an information security governance program is:

Question230: A PRIMARY purpose of creating security policies is to:

Question231: What type of control is being implemented when a security information and event management (SIEM) system is installed?

Question232: An information security manager has identified that security risks are not being treated in a timely manner.
Which of the following

Question233: Which of the following will BEST enable an effective information asset classification process?

Question234: Which of the following sources is MOST useful when planning a business-aligned information security program?

Question235: Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?

Question236: Which of the following is the PRIMARY benefit of implementing an information security governance framework?

Question237: Which of the following analyses will BEST identify the external influences to an organization's information security?

Question238: Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Question239: Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

Question240: Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Question241: Which of the following is MOST important to the effectiveness of an information security program?

Question242: Following an employee security awareness training program, what should be the expected outcome?

Question243: Which is MOST important to identify when developing an effective information security strategy?

Question244: Which of the following would BEST enable the timely execution of an incident response plan?

Question245: Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question246: Which of the following is the MOST important outcome of effective risk treatment?

Question247: An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

Question248: Which of the following BEST facilitates the effectiveness of cybersecurity incident response?

Question249: Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

Question250: In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?

Question251: An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Question252: An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?

Question253: In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

Question254: Which of the following metrics BEST measures the effectiveness of an organization's information security program?

Question255: An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security.
Which of the following should be given immediate focus?

Question256: An organization has acquired a company in a foreign country to gain an advantage in a new market Which of the following is the FIRST step the information security manager should take?

Question257: Which of the following should be the MOST important consideration when establishing information security policies for an organization?