EMT Practice Test
1. Question Content...
Question1: Which of the following should be the PRIMARY input when designing IT controls?
Question2: Which of the following BEST facilitates the development of effective IT risk scenarios?
Question5: Prior to selecting key performance indicators (KPIs), itis MOST important to ensure:
Question11: Which of the following is the MOST important input when developing risk scenarios?
Question24: Which of the following is a KEY outcome of risk ownership?
Question33: The PRIMARY purpose of IT control status reporting is to:
Question34: Which of the following approaches would BEST help to identify relevant risk scenarios?
Question36: Which of the following would be MOST beneficial as a key risk indicator (KRI)?
Question37: The PRIMARY purpose of vulnerability assessments is to:
Question51: Which of the following BEST indicates the effectiveness of anti-malware software?
Question55: Who is accountable for risk treatment?
Question65: Which of the following is the GREATEST risk associated with the use of data analytics?
Question75: Which of the following would prompt changes in key risk indicator {KRI) thresholds?
Question76: Which of the following should be the HIGHEST priority when developing a risk response?
Question80: Which of the following would qualify as a key performance indicator (KPI)?
Question93: Calculation of the recovery time objective (RTO) is necessary to determine the:
Question94: The MAIN purpose of a risk register is to:
Question96: An effective control environment is BEST indicated by controls that:
Question99: The BEST way to improve a risk register is to ensure the register:
Question101: Which of the following would require updates to an organization's IT risk register?
Question111: Risk aggregation in a complex organization will be MOST successful when:
Question112: Who should be responsible for strategic decisions on risk management?
Question114: Which of the following will BEST help in communicating strategic risk priorities?
Question116: The BEST way to test the operational effectiveness of a data backup procedure is to:
Question126: Whose risk tolerance matters MOST when making a risk decision?
Question134: Which of the following is MOST critical when designing controls?
Question141: The BEST criteria when selecting a risk response is the:
Question144: Which of the following is the MOST important enabler of effective risk management?
Question145: Which of the following would BEST provide early warning of a high-risk condition?
Question146: The maturity of an IT risk management program is MOST influenced by:
Question147: Which of the following is the MAIN reason for documenting the performance of controls?
Question149: Which of the following is a KEY responsibility of the second line of defense?
Question152: Which of the following BEST enables the identification of trends in risk levels?
Question153: Which of the following is MOST commonly compared against the risk appetite?
Question162: Which of the following is MOST important when developing risk scenarios?
Question165: Which of the following is the BEST method to identify unnecessary controls?
Question167: The PRIMARY benefit associated with key risk indicators (KRls) is that they:
Question169: Which of the following is the MOST important responsibility of a risk owner?
Question171: The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:
Question172: Which of the following conditions presents the GREATEST risk to an application?
Question180: Which of the following is the BEST way to identify changes to the risk landscape?
Question182: Who is the MOST appropriate owner for newly identified IT risk?
Question189: The PRIMARY purpose of using control metrics is to evaluate the:
Question191: The MOST essential content to include in an IT risk awareness program is how to:
Question192: The PRIMARY advantage of implementing an IT risk management framework is the:
Question193: Quantifying the value of a single asset helps the organization to understand the:
Question209: Mapping open risk issues to an enterprise risk heat map BEST facilitates:
Question222: It is MOST appropriate for changes to be promoted to production after they are;
Question223: The PRIMARY purpose of a maturity model is to compare the:
Question230: Which of the following is the MAIN reason to continuously monitor IT-related risk?
Question232: Which of the following is the BEST method for identifying vulnerabilities?
Question234: A risk practitioner has just learned about new done FIRST?
