EMT Practice Test

1. Question Content...


Question List

Question1: A control owner identifies that the organization's shared drive contains personally identifiable information (Pll) that can be accessed by all personnel. Which of the following is the MOST effective risk response?

Question2: Which of the following can be used to assign a monetary value to risk?

Question3: Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

Question4: Which of the following controls will BEST detect unauthorized modification of data by a database administrator?

Question5: Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?

Question6: After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:

Question7: Which of the following is the PRIMARY benefit of using an entry in the risk register to track the aggregate risk associated with server failure?

Question8: The GREATEST concern when maintaining a risk register is that:

Question9: From a risk management perspective, which of the following is the PRIMARY benefit of using automated system configuration validation tools?

Question10: Which of the following is MOST useful when communicating risk to management?

Question11: The PRIMARY reason for establishing various Threshold levels for a set of key risk indicators (KRIs) is to:

Question12: Which of the following is the MOST important data source for monitoring key risk indicators (KRIs)?

Question13: Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?

Question14: Which of the following would MOST likely drive the need to review and update key performance indicators (KPIs) for critical IT assets?

Question15: Which of the following is the MOST important requirement for monitoring key risk indicators (KRls) using log analysis?

Question16: Which of the following is MOST helpful in developing key risk indicator (KRl) thresholds?

Question17: Which of the following will BEST help to ensure that information system controls are effective?

Question18: A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?

Question19: Which of the following is the GREATEST advantage of implementing a risk management program?

Question20: Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?

Question21: Participants in a risk workshop have become focused on the financial cost to mitigate risk rather than choosing the most appropriate response. Which of the following is the BEST way to address this type of issue in the long term?

Question22: During the initial risk identification process for a business application, it is MOST important to include which of the following stakeholders?

Question23: An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:

Question24: Which of the following should be a risk practitioner s MOST important consideration when developing IT risk scenarios?

Question25: Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?

Question26: Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

Question27: To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:

Question28: Which of the following will BEST help an organization evaluate the control environment of several third-party vendors?

Question29: A risk practitioner has determined that a key control does not meet design expectations. Which of the following should be done NEXT?

Question30: An organization has raised the risk appetite for technology risk. The MOST likely result would be:

Question31: What is the BEST information to present to business control owners when justifying costs related to controls?

Question32: Which of the following should be management's PRIMARY consideration when approving risk response action plans?

Question33: Which of the following is MOST important for an organization that wants to reduce IT operational risk?

Question34: After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?

Question35: Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?

Question36: Which of the following will BEST help an organization select a recovery strategy for critical systems?

Question37: When reviewing a report on the performance of control processes, it is MOST important to verify whether the:

Question38: Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?

Question39: The FIRST task when developing a business continuity plan should be to:

Question40: Which of the following elements of a risk register is MOST likely to change as a result of change in management's risk appetite?

Question41: Which of the following would BEST enable mitigation of newly identified risk factors related to internet of Things (loT)?

Question42: Read" rights to application files in a controlled server environment should be approved by the:

Question43: Which of the following is the PRIMARY reason to perform ongoing risk assessments?

Question44: Before implementing instant messaging within an organization using a public solution, which of the following should be in place to mitigate data leakage risk?

Question45: Which of the following is MOST important for a risk practitioner to update when a software upgrade renders an existing key control ineffective?

Question46: A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:

Question47: Risk management strategies are PRIMARILY adopted to:

Question48: Which of the following risk register updates is MOST important for senior management to review?

Question49: Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?

Question50: Which of the following is the BEST way to detect zero-day malware on an end user's workstation?

Question51: Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?

Question52: Which of the following is MOST critical to the design of relevant risk scenarios?

Question53: Which of the following BEST indicates that an organization has implemented IT performance requirements?

Question54: Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?

Question55: Which of the following is the BEST metric to demonstrate the effectiveness of an organization's change management process?

Question56: Which of the following is the GREATEST concern associated with redundant data in an organization's inventory system?

Question57: Controls should be defined during the design phase of system development because:

Question58: Which of the following observations would be GREATEST concern to a risk practitioner reviewing the implementation status of management action plans?

Question59: An organization's financial analysis department uses an in-house forecasting application for business projections. Who is responsible for defining access roles to protect the sensitive data within this application?

Question60: Which of the following provides The MOST useful information when determining a risk management program's maturity level?

Question61: Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?

Question62: Risk aggregation in a complex organization will be MOST successful when:

Question63: Which of the following is MOST important for developing effective key risk indicators (KRIs)?

Question64: Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?

Question65: Which of the following is the BEST measure of the effectiveness of an employee deprovisioning process?

Question66: Which of the following is MOST important to review when determining whether a potential IT service provider s control environment is effective?

Question67: A risk practitioner is assisting with the preparation of a report on the organization s disaster recovery (DR) capabilities. Which information would have the MOST impact on the overall recovery profile?

Question68: Which of the following is the BEST course of action when risk is found to be above the acceptable risk appetite?

Question69: A risk practitioner notices that a particular key risk indicator (KRI) has remained below its established trigger point for an extended period of time. Which of the following should be done FIRST?

Question70: The BEST way to improve a risk register is to ensure the register:

Question71: Which of the following is the MAIN reason for analyzing risk scenarios?

Question72: Which of the following is the PRIMARY role of a data custodian in the risk management process?

Question73: Which of the following would be considered a vulnerability?

Question74: A new regulator/ requirement imposes severe fines for data leakage involving customers' personally identifiable information (Pll). The risk practitioner has recommended avoiding the risk. Which of the following actions would BEST align with this recommendation?

Question75: An external security audit has reported multiple findings related to control noncompliance. Which of the following would be MOST important for the risk practitioner to communicate to senior management?

Question76: Which of the following is the BEST way to determine software license compliance?

Question77: When updating a risk register with the results of an IT risk assessment, the risk practitioner should log:

Question78: The PRIMARY purpose of a maturity model is to compare the:

Question79: A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?

Question80: IT risk assessments can BEST be used by management:

Question81: What is the PRIMARY reason to periodically review key performance indicators (KPIs)?

Question82: When reviewing a business continuity plan (BCP). which of the following would be the MOST significant deficiency?

Question83: Which of the following is the MOST effective key performance indicator (KPI) for change management?

Question84: Which of the following is the BEST approach for determining whether a risk action plan is effective?

Question85: Which of the following is a crucial component of a key risk indicator (KRI) to ensure appropriate action is taken to mitigate risk?

Question86: The acceptance of control costs that exceed risk exposure is MOST likely an example of:

Question87: Which of the following is MOST helpful to review when identifying risk scenarios associated with the adoption of Internet of Things (loT) technology in an organization?

Question88: The PRIMARY basis for selecting a security control is:

Question89: Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

Question90: Which of the following provides The BEST information when determining whether to accept residual risk of a critical system to be implemented?

Question91: Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

Question92: Which of The following would offer the MOST insight with regard to an organization's risk culture?

Question93: A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?

Question94: Which of the following is MOST important when developing key performance indicators (KPIs)?

Question95: Which of the following is MOST influential when management makes risk response decisions?

Question96: An organization operates in an environment where reduced time-to-market for new software products is a top business priority. Which of the following should be the risk practitioner's GREATEST concern?

Question97: Which of the following would provide the MOST comprehensive information for updating an organization's risk register?

Question98: The risk associated with an asset before controls are applied can be expressed as:

Question99: During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?

Question100: A risk practitioner learns that the organization s industry is experiencing a trend of rising security incidents.
Which of the following is the BEST course of action?

Question101: Which of the following is a KEY responsibility of the second line of defense?

Question102: Which of the following BEST facilitates the development of effective IT risk scenarios?

Question103: Which of the following is the BEST way to identify changes to the risk landscape?

Question104: Which of the following BEST enables a proactive approach to minimizing the potential impact of unauthorized data disclosure?

Question105: Prudent business practice requires that risk appetite not exceed:

Question106: IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:

Question107: A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

Question108: The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:

Question109: Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?

Question110: Which of the following BEST enables the risk profile to serve as an effective resource to support business objectives?

Question111: To help identify high-risk situations, an organization should:

Question112: Which of the following is the MOST effective way to help ensure an organization's current risk scenarios are relevant?

Question113: Which of the following is the GREATEST benefit to an organization when updates to the risk register are made promptly after the completion of a risk assessment?

Question114: Risk mitigation procedures should include:

Question115: What can be determined from the risk scenario chart?

Question116: What is MOST important for the risk practitioner to understand when creating an initial IT risk register?

Question117: Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?

Question118: Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?

Question119: A management team is on an aggressive mission to launch a new product to penetrate new markets and overlooks IT risk factors, threats, and vulnerabilities. This scenario BEST demonstrates an organization's risk:

Question120: The PRIMARY purpose of using control metrics is to evaluate the:

Question121: Which of the following is of GREATEST concern when uncontrolled changes are made to the control environment?

Question122: An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?

Question123: A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have exceeded the maximum time defined by the business application owners. Which of the following is MOST likely to change as a result?

Question124: An unauthorized individual has socially engineered entry into an organization's secured physical premises.
Which of the following is the BEST way to prevent future occurrences?

Question125: Which of the following is an IT business owner's BEST course of action following an unexpected increase in emergency changes?

Question126: An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?

Question127: The BEST criteria when selecting a risk response is the:

Question128: Which of the following is the BEST course of action to reduce risk impact?

Question129: Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?

Question130: Which of the following will BEST help ensure that risk factors identified during an information systems review are addressed?

Question131: Which of the following would be a risk practitioner'$ BEST recommendation to help ensure cyber risk is assessed and reflected in the enterprise-level risk profile?

Question132: An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?

Question133: Which of the following would BEST help to ensure that suspicious network activity is identified?

Question134: An organization has decided to implement an emerging technology and incorporate the new capabilities into its strategic business plan. Business operations for the technology will be outsourced. What will be the risk practitioner's PRIMARY role during the change?

Question135: Which of the following is the MOST critical element to maximize the potential for a successful security implementation?

Question136: A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

Question137: Which of the following is the PRIMARY reason for monitoring activities performed in a production database environment?

Question138: Which of the following is MOST important for a risk practitioner to ensure once a risk action plan has been completed?

Question139: A contract associated with a cloud service provider MUST include:

Question140: Which of the following is the BEST indication of the effectiveness of a business continuity program?

Question141: Which of the following would be MOST helpful when estimating the likelihood of negative events?

Question142: Which of the following is the BEST measure of the effectiveness of an employee deprovisioning process?

Question143: Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of an anti-virus program?

Question144: Which of the following is the PRIMARY reason to establish the root cause of an IT security incident?

Question145: Which of the following would be the BEST key performance indicator (KPI) for monitoring the effectiveness of the IT asset management process?

Question146: Of the following, who should be responsible for determining the inherent risk rating of an application?

Question147: Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?

Question148: When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

Question149: Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

Question150: A business manager wants to leverage an existing approved vendor solution from another area within the organization. Which of the following is the risk practitioner's BEST course of action?

Question151: Deviation from a mitigation action plan's completion date should be determined by which of the following?

Question152: The MAIN purpose of conducting a control self-assessment (CSA) is to:

Question153: Which of the following BEST measures the efficiency of an incident response process?

Question154: Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?

Question155: Which of the following is MOST essential for an effective change control environment?

Question156: Which of the following is the MOST important characteristic of an effective risk management program?

Question157: The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

Question158: When testing the security of an IT system, il is MOST important to ensure that;

Question159: Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?

Question160: Calculation of the recovery time objective (RTO) is necessary to determine the:

Question161: Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

Question162: Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?

Question163: From a business perspective, which of the following is the MOST important objective of a disaster recovery test?

Question164: Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?

Question165: Which of the following would be MOST useful to senior management when determining an appropriate risk response?

Question166: Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controls MOST likely failed?

Question167: When assessing the maturity level of an organization's risk management framework, which of the following deficiencies should be of GREATEST concern to a risk practitioner?

Question168: Which of the following is the BEST measure of the effectiveness of an employee deprovisioning process?

Question169: Which of the following would MOST likely cause a risk practitioner to reassess risk scenarios?

Question170: An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?

Question171: An organizations chief technology officer (CTO) has decided to accept the risk associated with the potential loss from a denial-of-service (DoS) attack. In this situation, the risk practitioner's BEST course of action is to:

Question172: A risk practitioner is reporting on an increasing trend of ransomware attacks in the industry. Which of the following information is MOST important to include to enable an informed response decision by key stakeholders?

Question173: For no apparent reason, the time required to complete daily processing for a legacy application is approaching a risk threshold. Which of the following activities should be performed FIRST?

Question174: Which of the following should a risk practitioner do FIRST when an organization decides to use a cloud service?

Question175: A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?

Question176: Which of The following is the MOST relevant information to include in a risk management strategy?

Question177: IT disaster recovery point objectives (RPOs) should be based on the:

Question178: When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:

Question179: The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager s BEST approach to this request before sharing the register?

Question180: A control owner has completed a year-long project To strengthen existing controls. It is MOST important for the risk practitioner to:

Question181: The MOST important reason to aggregate results from multiple risk assessments on interdependent information systems is to:

Question182: An organization has received notification that it is a potential victim of a cybercrime that may have compromised sensitive customer data. What should be The FIRST course of action?

Question183: It is MOST appropriate for changes to be promoted to production after they are;

Question184: Which of the following is the BEST way to support communication of emerging risk?

Question185: Which of the following would be MOST useful when measuring the progress of a risk response action plan?

Question186: Which of the following is the MOST important consideration when determining whether to accept residual risk after security controls have been implemented on a critical system?

Question187: An organization has introduced risk ownership to establish clear accountability for each process. To ensure effective risk ownership, it is MOST important that:

Question188: The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

Question189: An audit reveals that there are changes in the environment that are not reflected in the risk profile. Which of the following is the BEST course of action?

Question190: The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner s BEST recommendation?

Question191: An organization is increasingly concerned about loss of sensitive data and asks the risk practitioner to assess the current risk level. Which of the following should the risk practitioner do FIRST?

Question192: What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?

Question193: A key risk indicator (KRI) threshold has reached the alert level, indicating data leakage incidents are highly probable. What should be the risk practitioner's FIRST course of action?

Question194: Which of the following is MOST important for an organization to have in place when developing a risk management framework?

Question195: A key risk indicator (KRI) indicates a reduction in the percentage of appropriately patched servers. Which of the following is the risk practitioner's BEST course of action?

Question196: Following a significant change to a business process, a risk practitioner believes the associated risk has been reduced. The risk practitioner should advise the risk owner to FIRST

Question197: Which of the following is the BEST indication of an effective risk management program?

Question198: Which of the following provides the MOST helpful reference point when communicating the results of a risk assessment to stakeholders?

Question199: The MOST essential content to include in an IT risk awareness program is how to:

Question200: An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:

Question201: Which of the following is the MOST important information to be communicated during security awareness training?

Question202: The BEST metric to monitor the risk associated with changes deployed to production is the percentage of:

Question203: Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?

Question204: From a risk management perspective, the PRIMARY objective of using maturity models is to enable:

Question205: Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes to IT services?

Question206: Which of the following would BEST help secure online financial transactions from improper users?

Question207: When updating the risk register after a risk assessment, which of the following is MOST important to include?

Question208: An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?

Question209: Which of the following is the MAIN reason for documenting the performance of controls?

Question210: Which of the following should be an element of the risk appetite of an organization?

Question211: An IT organization is replacing the customer relationship management (CRM) system. Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?

Question212: An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?

Question213: During a control review, the control owner states that an existing control has deteriorated over time. What is the BEST recommendation to the control owner?

Question214: Which of the following is MOST important to the integrity of a security log?

Question215: Who should be accountable for monitoring the control environment to ensure controls are effective?

Question216: Management has required information security awareness training to reduce the risk associated with credential compromise. What is the BEST way to assess the effectiveness of the training?

Question217: Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?

Question218: Which of the following provides the BEST measurement of an organization's risk management maturity level?

Question219: Which of the following BEST contributes to the implementation of an effective risk response action plan?

Question220: The maturity of an IT risk management program is MOST influenced by:

Question221: Which of the following is the BEST evidence that risk management is driving business decisions in an organization?

Question222: An organization with a large number of applications wants to establish a security risk assessment program.
Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

Question223: Reviewing which of the following provides the BEST indication of an organizations risk tolerance?

Question224: In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?

Question225: Which of the following will BEST mitigate the risk associated with IT and business misalignment?