EMT Practice Test
1. Question Content...
Question2: Which of the following can be used to assign a monetary value to risk?
Question8: The GREATEST concern when maintaining a risk register is that:
Question10: Which of the following is MOST useful when communicating risk to management?
Question39: The FIRST task when developing a business continuity plan should be to:
Question43: Which of the following is the PRIMARY reason to perform ongoing risk assessments?
Question47: Risk management strategies are PRIMARILY adopted to:
Question52: Which of the following is MOST critical to the design of relevant risk scenarios?
Question57: Controls should be defined during the design phase of system development because:
Question62: Risk aggregation in a complex organization will be MOST successful when:
Question70: The BEST way to improve a risk register is to ensure the register:
Question71: Which of the following is the MAIN reason for analyzing risk scenarios?
Question73: Which of the following would be considered a vulnerability?
Question76: Which of the following is the BEST way to determine software license compliance?
Question78: The PRIMARY purpose of a maturity model is to compare the:
Question80: IT risk assessments can BEST be used by management:
Question81: What is the PRIMARY reason to periodically review key performance indicators (KPIs)?
Question86: The acceptance of control costs that exceed risk exposure is MOST likely an example of:
Question88: The PRIMARY basis for selecting a security control is:
Question98: The risk associated with an asset before controls are applied can be expressed as:
Question101: Which of the following is a KEY responsibility of the second line of defense?
Question102: Which of the following BEST facilitates the development of effective IT risk scenarios?
Question103: Which of the following is the BEST way to identify changes to the risk landscape?
Question105: Prudent business practice requires that risk appetite not exceed:
Question111: To help identify high-risk situations, an organization should:
Question114: Risk mitigation procedures should include:
Question115: What can be determined from the risk scenario chart?
Question120: The PRIMARY purpose of using control metrics is to evaluate the:
Question127: The BEST criteria when selecting a risk response is the:
Question128: Which of the following is the BEST course of action to reduce risk impact?
Question139: A contract associated with a cloud service provider MUST include:
Question152: The MAIN purpose of conducting a control self-assessment (CSA) is to:
Question153: Which of the following BEST measures the efficiency of an incident response process?
Question155: Which of the following is MOST essential for an effective change control environment?
Question158: When testing the security of an IT system, il is MOST important to ensure that;
Question160: Calculation of the recovery time objective (RTO) is necessary to determine the:
Question177: IT disaster recovery point objectives (RPOs) should be based on the:
Question183: It is MOST appropriate for changes to be promoted to production after they are;
Question184: Which of the following is the BEST way to support communication of emerging risk?
Question197: Which of the following is the BEST indication of an effective risk management program?
Question199: The MOST essential content to include in an IT risk awareness program is how to:
Question209: Which of the following is the MAIN reason for documenting the performance of controls?
Question210: Which of the following should be an element of the risk appetite of an organization?
Question214: Which of the following is MOST important to the integrity of a security log?
Question220: The maturity of an IT risk management program is MOST influenced by: