EMT Practice Test

1. Question Content...


Question List

Question1: An effective control environment is BEST indicated by controls that:

Question2: Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?

Question3: The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:

Question4: Who should be responsible for implementing and maintaining security controls?

Question5: An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?

Question6: Which of the following can be interpreted from a single data point on a risk heat map?

Question7: Risk management strategies are PRIMARILY adopted to:

Question8: An IT control gap has been identified in a key process. Who would be the MOST appropriate owner of the risk associated with this gap?

Question9: In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?

Question10: Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?

Question11: From a risk management perspective, the PRIMARY objective of using maturity models is to enable:

Question12: Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

Question13: To help identify high-risk situations, an organization should:

Question14: Which of the following would be MOST relevant to stakeholders regarding ineffective control implementation?

Question15: Which of the following is MOST useful when communicating risk to management?

Question16: Which of the following should be the PRIMARY objective of a risk awareness training program?

Question17: Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

Question18: Which of the following is the GREATEST advantage of implementing a risk management program?

Question19: Which of the following is the GREATEST concern associated with the transmission of healthcare data across the internet?

Question20: Which of The following is the MOST relevant information to include in a risk management strategy?

Question21: Which of the following risk scenarios would be the GREATEST concern as a result of a single sign-on implementation?

Question22: Improvements in the design and implementation of a control will MOST likely result in an update to:

Question23: Employees are repeatedly seen holding the door open for others, so that trailing employees do not have to stop and swipe their own ID badges. This behavior BEST represents:

Question24: Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

Question25: An organization has decided to implement an emerging technology and incorporate the new capabilities into its strategic business plan. Business operations for the technology will be outsourced. What will be the risk practitioner's PRIMARY role during the change?

Question26: Which of the following is the PRIMARY role of the board of directors in corporate risk governance?

Question27: Which of the following data would be used when performing a business impact analysis (BIA)?

Question28: A risk practitioner learns that the organization s industry is experiencing a trend of rising security incidents.
Which of the following is the BEST course of action?

Question29: Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?

Question30: A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?

Question31: Which of the following BEST indicates that an organizations risk management program is effective?

Question32: An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?

Question33: An organization has just implemented changes to close an identified vulnerability that impacted a critical business process. What should be the NEXT course of action?

Question34: Which of the following is the BEST way to identify changes to the risk landscape?

Question35: Which of the following is a KEY outcome of risk ownership?

Question36: During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

Question37: When communicating changes in the IT risk profile, which of the following should be included to BEST enable stakeholder decision making?

Question38: An identified high probability risk scenario involving a critical, proprietary business function has an annualized cost of control higher than the annual loss expectancy. Which of the following is the BEST risk response?

Question39: To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

Question40: IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:

Question41: Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?

Question42: A review of an organization s controls has determined its data loss prevention {DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?

Question43: The implementation of a risk treatment plan will exceed the resources originally allocated for the risk response. Which of the following should be the risk owner's NEXT action?

Question44: A risk practitioner has learned that an effort to implement a risk mitigation action plan has stalled due to lack of funding. The risk practitioner should report that the associated risk has been:

Question45: An organization has completed a project to implement encryption on all databases that host customer data.
Which of the following elements of the risk register should be updated the reflect this change?

Question46: Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?

Question47: Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?

Question48: An IT organization is replacing the customer relationship management (CRM) system. Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?

Question49: Which of the following would provide the MOST objective assessment of the effectiveness of an organization's security controls?

Question50: Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?

Question51: When evaluating enterprise IT risk management it is MOST important to:

Question52: An organization is considering adopting artificial intelligence (Al). Which of the following is the risk practitioner's MOST important course of action?

Question53: Which of the following should be the PRIMARY objective of a risk awareness training program?

Question54: Which of the following would present the GREATEST challenge when assigning accountability for control ownership?

Question55: Which of the following is the BEST evidence that a user account has been properly authorized?

Question56: A global organization is planning to collect customer behavior data through social media advertising. Which of the following is the MOST important business risk to be considered?

Question57: Within the three lines of defense model, the accountability for the system of internal control resides with:

Question58: Which of the following statements BEST describes risk appetite?

Question59: Which of the following is the BEST indication of a mature organizational risk culture?

Question60: Which of the following is MOST important to ensure when continuously monitoring the performance of a client-facing application?

Question61: Which of the following BEST reduces the probability of laptop theft?

Question62: Which of the following would be a risk practitioners BEST recommendation for preventing cyber intrusion?

Question63: An upward trend in which of the following metrics should be of MOST concern?

Question64: An organization has initiated a project to implement an IT risk management program for the first time. The BEST time for the risk practitioner to start populating the risk register is when:

Question65: The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

Question66: Which of the following provides the BEST evidence that risk responses have been executed according to their risk action plans?

Question67: An organization has opened a subsidiary in a foreign country. Which of the following would be the BEST way to measure the effectiveness of the subsidiary's IT systems controls?

Question68: Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?

Question69: The BEST criteria when selecting a risk response is the:

Question70: Which of the following is the BEST way to detect zero-day malware on an end user's workstation?

Question71: A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?

Question72: Which of the following is the MOST important foundational element of an effective three lines of defense model for an organization?

Question73: Which of the following is the MAIN reason for analyzing risk scenarios?

Question74: An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

Question75: Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?

Question76: The BEST reason to classify IT assets during a risk assessment is to determine the:

Question77: A bank wants to send a critical payment order via email to one of its offshore branches. Which of the following is the BEST way to ensure the message reaches the intended recipient without alteration?

Question78: A risk owner has accepted a high-impact risk because the control was adversely affecting process efficiency.
Before updating the risk register, it is MOST important for the risk practitioner to:

Question79: Which of the following is MOST important when developing key performance indicators (KPIs)?

Question80: Which of the following is the MOST important component of effective security incident response?

Question81: Which of the following is the MOST important consideration when performing a risk assessment of a fire suppression system within a data center?

Question82: Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?

Question83: The PRIMARY reason to have risk owners assigned to entries in the risk register is to ensure:

Question84: A risk practitioner has determined that a key control does not meet design expectations. Which of the following should be done NEXT?

Question85: The MAIN reason for creating and maintaining a risk register is to:

Question86: It is MOST appropriate for changes to be promoted to production after they are;

Question87: Which type of cloud computing deployment provides the consumer the GREATEST degree of control over the environment?

Question88: The PRIMARY purpose of a maturity model is to compare the:

Question89: Which of the following should be a risk practitioner s MOST important consideration when developing IT risk scenarios?

Question90: Which of the following BEST contributes to the implementation of an effective risk response action plan?

Question91: Which of the following is the BEST course of action to reduce risk impact?

Question92: An organization is measuring the effectiveness of its change management program to reduce the number of unplanned production changes. Which of the following would be the BEST metric to determine if the program is performing as expected?

Question93: After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:
After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:
Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

Question94: Which of the following will be MOST effective to mitigate the risk associated with the loss of company data stored on personal devices?

Question95: Which of the following is the MOST important consideration for a risk practitioner when making a system implementation go-live recommendation?

Question96: Which of the following is the MOST important data source for monitoring key risk indicators (KRIs)?

Question97: A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:

Question98: Which of the following is the PRIMARY reason for monitoring activities performed in a production database environment?

Question99: Which of the following should be management's PRIMARY consideration when approving risk response action plans?

Question100: Which of the following is the MOST important benefit of key risk indicators (KRIs)'

Question101: Which of the following would provide the MOST comprehensive information for updating an organization's risk register?

Question102: Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

Question103: Which of the following is performed after a risk assessment is completed?

Question104: While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:

Question105: Which of the following BEST helps to identify significant events that could impact an organization?
Vulnerability analysis

Question106: Which of the following would be a weakness in procedures for controlling the migration of changes to production libraries?

Question107: Which of the following would BEST help to ensure that identified risk is efficiently managed?

Question108: Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

Question109: Which of the following should be the PRIMARY input when designing IT controls?

Question110: During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?

Question111: Which of the following is the MOST effective way to integrate risk and compliance management?

Question112: An organizations chief technology officer (CTO) has decided to accept the risk associated with the potential loss from a denial-of-service (DoS) attack. In this situation, the risk practitioner's BEST course of action is to:

Question113: The PRIMARY benefit of conducting continuous monitoring of access controls is the ability to identify:

Question114: Which of the following should be considered FIRST when assessing risk associated with the adoption of emerging technologies?

Question115: Which of the following BEST enables a risk practitioner to enhance understanding of risk among stakeholders?

Question116: An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan.
Which of the following is the risk practitioner's BEST course of action?

Question117: An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?

Question118: Accountability for a particular risk is BEST represented in a:

Question119: A risk practitioner is assisting with the preparation of a report on the organization s disaster recovery (DR) capabilities. Which information would have the MOST impact on the overall recovery profile?

Question120: The BEST way to demonstrate alignment of the risk profile with business objectives is through:

Question121: When reviewing a report on the performance of control processes, it is MOST important to verify whether the:

Question122: A risk practitioner notices a trend of noncompliance with an IT-related control. Which of the following would BEST assist in making a recommendation to management?

Question123: Which of the following would be a risk practitioner'$ BEST recommendation to help ensure cyber risk is assessed and reflected in the enterprise-level risk profile?

Question124: Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?

Question125: Which of the following is the PRIMARY reason for an organization to ensure the risk register is updated regularly?

Question126: A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

Question127: Which of the following observations would be GREATEST concern to a risk practitioner reviewing the implementation status of management action plans?

Question128: Which of the following would be MOST helpful to a risk owner when making risk-aware decisions?

Question129: The MAIN purpose of conducting a control self-assessment (CSA) is to:

Question130: Which of The following is the BEST way to confirm whether appropriate automated controls are in place within a recently implemented system?

Question131: A risk practitioner is organizing a training session lo communicate risk assessment methodologies to ensure a consistent risk view within the organization Which of the following i< the MOST important topic to cover in this training?

Question132: Which of the following is the BEST way to validate the results of a vulnerability assessment?

Question133: Which of the following is the PRIMARY reason for conducting peer reviews of risk analysis?

Question134: The PRIMARY objective of The board of directors periodically reviewing the risk profile is to help ensure:

Question135: Which of the following should be included in a risk scenario to be used for risk analysis?

Question136: The PRIMARY objective for selecting risk response options is to:

Question137: Which of the following is the MOST important outcome of reviewing the risk management process?

Question138: Which of the following should be considered when selecting a risk response?

Question139: Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

Question140: When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:

Question141: Which of the following is a PRIMARY benefit of engaging the risk owner during the risk assessment process?

Question142: An organization with a large number of applications wants to establish a security risk assessment program.
Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

Question143: Which of the following conditions presents the GREATEST risk to an application?

Question144: An organization has outsourced a critical process involving highly regulated data to a third party with servers located in a foreign country. Who is accountable for the confidentiality of this data?

Question145: Which of the following is the PRIMARY benefit of identifying and communicating with stakeholders at the onset of an IT risk assessment?

Question146: Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

Question147: Which of the following is MOST important for a risk practitioner to update when a software upgrade renders an existing key control ineffective?

Question148: Which of the following should be the HIGHEST priority when developing a risk response?

Question149: Which of the following resources is MOST helpful when creating a manageable set of IT risk scenarios?

Question150: Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?

Question151: Which of the following is of GREATEST concern when uncontrolled changes are made to the control environment?

Question152: When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?

Question153: During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?

Question154: Which of the following would be of GREATEST assistance when justifying investment in risk response strategies?

Question155: An organization is planning to acquire a new financial system. Which of the following stakeholders would provide the MOST relevant information for analyzing the risk associated with the new IT solution?

Question156: Which of these documents is MOST important to request from a cloud service provider during a vendor risk assessment?

Question157: An organization has outsourced its backup and recovery procedures to a third-party cloud provider. Which of the following is the risk practitioner s BEST course of action?

Question158: Which of the following should be initiated when a high number of noncompliant conditions are observed during review of a control procedure?

Question159: An organization has engaged a third party to provide an Internet gateway encryption service that protects sensitive data uploaded to a cloud service. This is an example of risk:

Question160: An organization has raised the risk appetite for technology risk. The MOST likely result would be:

Question161: Which of the following is MOST important to sustainable development of secure IT services?

Question162: Which of the following provides The MOST useful information when determining a risk management program's maturity level?

Question163: A newly enacted information privacy law significantly increases financial penalties for breaches of personally identifiable information (Pll). Which of the following will MOST likely outcome for an organization affected by the new law?

Question164: Which of the following statements in an organization's current risk profile report is cause for further action by senior management?

Question165: A large organization is replacing its enterprise resource planning (ERP) system and has decided not to deploy the payroll module of the new system. Instead, the current payroll system will continue to be used. Of the following, who should own the risk if the ERP and payroll system fail to operate as expected?

Question166: Which of the following would be MOST helpful when estimating the likelihood of negative events?

Question167: Which of the following is the BEST evidence that risk management is driving business decisions in an organization?

Question168: Which of the following methods is the BEST way to measure the effectiveness of automated information security controls prior to going live?

Question169: An organization has determined a risk scenario is outside the defined risk tolerance level. What should be the NEXT course of action?

Question170: Which of the following BEST helps to balance the costs and benefits of managing IT risk?

Question171: To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:

Question172: Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?

Question173: The BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability remediation program is the number of:

Question174: An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?

Question175: Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

Question176: The MAIN goal of the risk analysis process is to determine the:

Question177: What is the MOST important consideration when aligning IT risk management with the enterprise risk management (ERM) framework?

Question178: Which of the following is MOST important to enable well-informed cybersecurity risk decisions?

Question179: Which of the following indicates an organization follows IT risk management best practice?

Question180: Which of the following BEST indicates the efficiency of a process for granting access privileges?

Question181: A monthly payment report is generated from the enterprise resource planning (ERP) software to validate data against the old and new payroll systems. What is the BEST way to mitigate the risk associated with data integrity loss in the new payroll system after data migration?

Question182: When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

Question183: A PRIMARY advantage of involving business management in evaluating and managing risk is that management:

Question184: The BEST way to test the operational effectiveness of a data backup procedure is to:

Question185: Which of the following is MOST important for an organization that wants to reduce IT operational risk?

Question186: What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?

Question187: Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?

Question188: Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Question189: Which of the following is MOST important when developing risk scenarios?

Question190: Which of the following will BEST help an organization evaluate the control environment of several third-party vendors?

Question191: An organization has introduced risk ownership to establish clear accountability for each process. To ensure effective risk ownership, it is MOST important that:

Question192: Which of the following is the MOST important element of a successful risk awareness training program?

Question193: Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?

Question194: An organization's internal audit department is considering the implementation of robotics process automation (RPA) to automate certain continuous auditing tasks. Who would own the risk associated with ineffective design of the software bots?

Question195: An organization has four different projects competing for funding to reduce overall IT risk. Which project should management defer?

Question196: A management team is on an aggressive mission to launch a new product to penetrate new markets and overlooks IT risk factors, threats, and vulnerabilities. This scenario BEST demonstrates an organization's risk:

Question197: Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

Question198: An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?

Question199: A risk practitioner observes that hardware failure incidents have been increasing over the last few months.
However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:

Question200: The risk associated with a high-risk vulnerability in an application is owned by the:

Question201: An organization delegates its data processing to the internal IT team to manage information through its applications. Which of the following is the role of the internal IT team in this situation?

Question202: Which of the following should be a risk practitioner's NEXT action after identifying a high probability of data loss in a system?

Question203: For no apparent reason, the time required to complete daily processing for a legacy application is approaching a risk threshold. Which of the following activities should be performed FIRST?

Question204: A new regulator/ requirement imposes severe fines for data leakage involving customers' personally identifiable information (Pll). The risk practitioner has recommended avoiding the risk. Which of the following actions would BEST align with this recommendation?

Question205: Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?

Question206: Which of the following will BEST support management repotting on risk?

Question207: Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

Question208: Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?

Question209: Who is the MOST appropriate owner for newly identified IT risk?

Question210: The PRIMARY advantage of implementing an IT risk management framework is the:

Question211: The MOST essential content to include in an IT risk awareness program is how to:

Question212: The PRIMARY objective for requiring an independent review of an organization's IT risk management process should be to:

Question213: Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?

Question214: The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:

Question215: The MOST effective way to increase the likelihood that risk responses will be implemented is to:

Question216: When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:

Question217: Which of the following is the BEST course of action when risk is found to be above the acceptable risk appetite?

Question218: A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have exceeded the maximum time defined by the business application owners. Which of the following is MOST likely to change as a result?

Question219: UESTION NO:
The PRIMARY benefit associated with key risk indicators (KRls) is that they

Question220: Which of the following is the GREATEST benefit of analyzing logs collected from different systems?

Question221: A control owner identifies that the organization's shared drive contains personally identifiable information (Pll) that can be accessed by all personnel. Which of the following is the MOST effective risk response?

Question222: A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

Question223: Which of the following BEST enables a proactive approach to minimizing the potential impact of unauthorized data disclosure?

Question224: An application runs a scheduled job that compiles financial data from multiple business systems and updates the financial reporting system. If this job runs too long, it can delay financial reporting. Which of the following is the risk practitioner's BEST recommendation?

Question225: Which of the following will BEST mitigate the risk associated with IT and business misalignment?