EMT Practice Test
1. Question Content...
Question2: Which of the following is MOST important when discussing risk within an organization?
Question5: Which of the following would BEST help an enterprise prioritize risk scenarios?
Question9: Which stakeholders are PRIMARILY responsible for determining enterprise IT risk appetite?
Question10: Which of the following is the PRIMARY reason to perform ongoing risk assessments?
Question17: Which of the following is the FIRST step in risk assessment?
Question19: Which of the following should be the PRIMARY input when designing IT controls?
Question20: Who should be responsible for implementing and maintaining security controls?
Question21: Which of the following conditions presents the GREATEST risk to an application?
Question26: Which of the following attributes of a key risk indicator (KRI) is MOST important?
Question29: Which of the following is MOST critical when designing controls?
Question30: Controls should be defined during the design phase of system development because:
Question32: When evaluating enterprise IT risk management it is MOST important to:
Question40: Which of the following can be used to assign a monetary value to risk?
Question43: Prudent business practice requires that risk appetite not exceed:
Question52: The PRIMARY goal of a risk management program is to:
Question57: The MAIN purpose of a risk register is to:
Question59: The MOST effective approach to prioritize risk scenarios is by:
Question71: Which of the following will BEST help in communicating strategic risk priorities?
Question74: Who is accountable for risk treatment?
Question75: Which of the following should be an element of the risk appetite of an organization?
Question82: Which of the following is MOST important when defining controls?
Question92: Which of the following is a detective control?
Question95: The BEST criteria when selecting a risk response is the:
Question99: Which of the following BEST measures the efficiency of an incident response process?
Question101: A risk practitioner has just learned about new done FIRST?
Question106: Which of the following should be considered when selecting a risk response?
Question107: Risk management strategies are PRIMARILY adopted to:
Question108: The PRIMARY purpose of IT control status reporting is to:
Question111: The BEST way to test the operational effectiveness of a data backup procedure is to:
Question115: Which of the following is the PRIMARY objective for automating controls?
Question117: The GREATEST concern when maintaining a risk register is that:
Question124: Which of the following is the MOST important reason to create risk scenarios?
Question127: The purpose of requiring source code escrow in a contractual agreement is to:
Question132: Which of the following is the MOST effective way to mitigate identified risk scenarios?
Question136: A maturity model will BEST indicate:
Question144: Which of the following activities is PRIMARILY the responsibility of senior management?
Question145: Which of the following BEST indicates the condition of a risk management program?
Question149: Accountability for a particular risk is BEST represented in a:
Question157: The BEST reason to classify IT assets during a risk assessment is to determine the:
Question163: Which of the following is performed after a risk assessment is completed?
Question165: Which of the following should be the HIGHEST priority when developing a risk response?
Question167: Which of the following would BEST provide early warning of a high-risk condition?
Question169: Risk mitigation procedures should include:
Question177: Which of the following is MOST important when developing risk scenarios?
Question180: The PRIMARY objective of a risk identification process is to:
Question186: Quantifying the value of a single asset helps the organization to understand the:
Question194: Which of the following BEST indicates whether security awareness training is effective?
Question196: The PRIMARY basis for selecting a security control is:
Question197: The PRIMARY advantage of implementing an IT risk management framework is the:
Question199: Which of the following is a KEY outcome of risk ownership?
Question210: Which of the following is the MAIN reason for documenting the performance of controls?
Question214: The acceptance of control costs that exceed risk exposure is MOST likely an example of:
Question216: Who should be responsible for strategic decisions on risk management?
Question217: Which of the following BEST enables the identification of trends in risk levels?
Question222: It is MOST appropriate for changes to be promoted to production after they are;