EMT Practice Test
1. Question Content...
Question1: An effective control environment is BEST indicated by controls that:
Question4: Who should be responsible for implementing and maintaining security controls?
Question6: Which of the following can be interpreted from a single data point on a risk heat map?
Question7: Risk management strategies are PRIMARILY adopted to:
Question13: To help identify high-risk situations, an organization should:
Question15: Which of the following is MOST useful when communicating risk to management?
Question34: Which of the following is the BEST way to identify changes to the risk landscape?
Question35: Which of the following is a KEY outcome of risk ownership?
Question51: When evaluating enterprise IT risk management it is MOST important to:
Question58: Which of the following statements BEST describes risk appetite?
Question59: Which of the following is the BEST indication of a mature organizational risk culture?
Question61: Which of the following BEST reduces the probability of laptop theft?
Question63: An upward trend in which of the following metrics should be of MOST concern?
Question69: The BEST criteria when selecting a risk response is the:
Question73: Which of the following is the MAIN reason for analyzing risk scenarios?
Question76: The BEST reason to classify IT assets during a risk assessment is to determine the:
Question85: The MAIN reason for creating and maintaining a risk register is to:
Question86: It is MOST appropriate for changes to be promoted to production after they are;
Question88: The PRIMARY purpose of a maturity model is to compare the:
Question91: Which of the following is the BEST course of action to reduce risk impact?
Question100: Which of the following is the MOST important benefit of key risk indicators (KRIs)'
Question103: Which of the following is performed after a risk assessment is completed?
Question109: Which of the following should be the PRIMARY input when designing IT controls?
Question118: Accountability for a particular risk is BEST represented in a:
Question129: The MAIN purpose of conducting a control self-assessment (CSA) is to:
Question136: The PRIMARY objective for selecting risk response options is to:
Question138: Which of the following should be considered when selecting a risk response?
Question143: Which of the following conditions presents the GREATEST risk to an application?
Question148: Which of the following should be the HIGHEST priority when developing a risk response?
Question176: The MAIN goal of the risk analysis process is to determine the:
Question184: The BEST way to test the operational effectiveness of a data backup procedure is to:
Question189: Which of the following is MOST important when developing risk scenarios?
Question200: The risk associated with a high-risk vulnerability in an application is owned by the:
Question206: Which of the following will BEST support management repotting on risk?
Question209: Who is the MOST appropriate owner for newly identified IT risk?
Question210: The PRIMARY advantage of implementing an IT risk management framework is the:
Question211: The MOST essential content to include in an IT risk awareness program is how to:
Question214: The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:
Question219: UESTION NO:
The PRIMARY benefit associated with key risk indicators (KRls) is that they

