EMT Practice Test
1. Question Content...
Question7: Which of the following is MOST essential for an effective change control environment?
Question9: Risk aggregation in a complex organization will be MOST successful when:
Question10: Which of the following is the MOST important benefit of key risk indicators (KRIs)'
Question20: Which of the following would be considered a vulnerability?
Question21: The PRIMARY benefit of classifying information assets is that it helps to:
Question32: The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:
Question34: Which of the following BEST indicates the condition of a risk management program?
Question38: Which of the following is MOST important to the integrity of a security log?
Question44: Which of the following will BEST help in communicating strategic risk priorities?
Question45: The MOST effective approach to prioritize risk scenarios is by:
Question46: The maturity of an IT risk management program is MOST influenced by:
Question52: Which of the following is the MAIN reason to continuously monitor IT-related risk?
Question68: Quantifying the value of a single asset helps the organization to understand the:
Question70: Which of the following should be an element of the risk appetite of an organization?
Question92: Which of the following is the BEST indication of a mature organizational risk culture?
Question102: Which of the following is the BEST method for identifying vulnerabilities?
Question121: Which of the following is MOST helpful in aligning IT risk with business objectives?
Question123: The purpose of requiring source code escrow in a contractual agreement is to:
Question124: Establishing and organizational code of conduct is an example of which type of control?
Question127: When testing the security of an IT system, il is MOST important to ensure that;
Question130: Which of the following is the MOST important enabler of effective risk management?
Question136: Which of the following is MOST critical to the design of relevant risk scenarios?
Question138: Prior to selecting key performance indicators (KPIs), itis MOST important to ensure:
Question139: Which of the following is the BEST method to identify unnecessary controls?
Question141: The risk associated with an asset before controls are applied can be expressed as:
Question148: Which of the following is the MOST important responsibility of a risk owner?
Question150: The risk appetite for an organization could be derived from which of the following?
Question156: Which of the following is MOST important when defining controls?
Question160: Which of the following MOST effectively limits the impact of a ransomware attack?
Question170: Which of the following BEST indicates whether security awareness training is effective?
Question180: Which of the following MUST be updated to maintain an IT risk register?
Question181: It is MOST appropriate for changes to be promoted to production after they are;
Question185: Which of the following is the BEST way to identify changes to the risk landscape?
Question191: Which of the following is a KEY outcome of risk ownership?
Question199: Which of the following would BEST ensure that identified risk scenarios are addressed?
Question202: Who is the MOST appropriate owner for newly identified IT risk?
Question206: The MAIN goal of the risk analysis process is to determine the:
Question215: Which of the following is MOST important when developing key risk indicators (KRIs)?
Question223: Which of the following is the BEST method for assessing control effectiveness?
Question224: The BEST criteria when selecting a risk response is the:
Question229: Which of the following is a detective control?
Question233: Which of the following is the MOST important reason to create risk scenarios?