EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the GREATEST risk associated with the transition of a sensitive data backup solution from on-premise to a cloud service provider?

Question2: A key risk indicator (KRI) indicates a reduction in the percentage of appropriately patched servers. Which of the following is the risk practitioner's BEST course of action?

Question3: Which of the following is the MOST important information to be communicated during security awareness training?

Question4: An organization has initiated a project to implement an IT risk management program for the first time. The BEST time for the risk practitioner to start populating the risk register is when:

Question5: Which of the following risk scenarios would be the GREATEST concern as a result of a single sign-on implementation?

Question6: Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?

Question7: Which of the following is MOST essential for an effective change control environment?

Question8: During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

Question9: Risk aggregation in a complex organization will be MOST successful when:

Question10: Which of the following is the MOST important benefit of key risk indicators (KRIs)'

Question11: Which of the following requirements is MOST important to include in an outsourcing contract to help ensure sensitive data stored with a service provider is secure?

Question12: After the review of a risk record, internal audit questioned why the risk was lowered from medium to low.
Which of the following is the BEST course of action in responding to this inquiry?

Question13: The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:

Question14: Which of the following is the PRIMARY benefit of identifying and communicating with stakeholders at the onset of an IT risk assessment?

Question15: Which of the following is MOST important for a risk practitioner to verify when evaluating the effectiveness of an organization's existing controls?

Question16: Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?

Question17: Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

Question18: The PRIMARY benefit of conducting continuous monitoring of access controls is the ability to identify:

Question19: Which of the following is MOST helpful to management when determining the resources needed to mitigate a risk?

Question20: Which of the following would be considered a vulnerability?

Question21: The PRIMARY benefit of classifying information assets is that it helps to:

Question22: Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

Question23: What is the BEST information to present to business control owners when justifying costs related to controls?

Question24: Which type of cloud computing deployment provides the consumer the GREATEST degree of control over the environment?

Question25: Which of the following is MOST helpful to review when identifying risk scenarios associated with the adoption of Internet of Things (loT) technology in an organization?

Question26: Which of the following BEST indicates the efficiency of a process for granting access privileges?

Question27: Which of the following is the PRIMARY reason for an organization to ensure the risk register is updated regularly?

Question28: A peer review of a risk assessment finds that a relevant threat community was not included. Mitigation of the risk will require substantial changes to a software application. Which of the following is the BEST course of action?

Question29: A new policy has been published to forbid copying of data onto removable medi a. Which type of control has been implemented?

Question30: Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?

Question31: A newly enacted information privacy law significantly increases financial penalties for breaches of personally identifiable information (Pll). Which of the following will MOST likely outcome for an organization affected by the new law?

Question32: The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:

Question33: During the control evaluation phase of a risk assessment, it is noted that multiple controls are ineffective.
Which of the following should be the risk practitioner's FIRST course of action?

Question34: Which of the following BEST indicates the condition of a risk management program?

Question35: A risk assessment has identified increased losses associated with an IT risk scenario. It is MOST important for the risk practitioner to:

Question36: Which of the following would MOST likely result in updates to an IT risk appetite statement?

Question37: Which of the following is the BEST indicator of the effectiveness of a control monitoring program?

Question38: Which of the following is MOST important to the integrity of a security log?

Question39: Which of the following would be MOST helpful to a risk owner when making risk-aware decisions?

Question40: Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?

Question41: The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

Question42: Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?

Question43: Which of the following is MOST important when developing key performance indicators (KPIs)?

Question44: Which of the following will BEST help in communicating strategic risk priorities?

Question45: The MOST effective approach to prioritize risk scenarios is by:

Question46: The maturity of an IT risk management program is MOST influenced by:

Question47: When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?

Question48: Which of the following is MOST important to understand when developing key risk indicators (KRIs)?

Question49: During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

Question50: Which of the following provides the MOST helpful information in identifying risk in an organization?

Question51: A risk practitioner observes that hardware failure incidents have been increasing over the last few months.
However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:

Question52: Which of the following is the MAIN reason to continuously monitor IT-related risk?

Question53: Which of the following is the MOST important consideration when selecting either a qualitative or quantitative risk analysis?

Question54: Which of the following is a crucial component of a key risk indicator (KRI) to ensure appropriate action is taken to mitigate risk?

Question55: An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

Question56: Which of the following indicates an organization follows IT risk management best practice?

Question57: Which of the following is the MOST effective key performance indicator (KPI) for change management?

Question58: A control owner has completed a year-long project To strengthen existing controls. It is MOST important for the risk practitioner to:

Question59: Which of the following is MOST important to include in a Software as a Service (SaaS) vendor agreement?

Question60: A payroll manager discovers that fields in certain payroll reports have been modified without authorization.
Which of the following control weaknesses could have contributed MOST to this problem?

Question61: Which of the following could BEST detect an in-house developer inserting malicious functions into a web-based application?

Question62: A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have exceeded the maximum time defined by the business application owners. Which of the following is MOST likely to change as a result?

Question63: It is MOST important to the effectiveness of an IT risk management function that the associated processes are:

Question64: Which of the following provides The BEST information when determining whether to accept residual risk of a critical system to be implemented?

Question65: An organization has opened a subsidiary in a foreign country. Which of the following would be the BEST way to measure the effectiveness of the subsidiary's IT systems controls?

Question66: Which of the following provides The MOST useful information when determining a risk management program's maturity level?

Question67: An organization is planning to outsource its payroll function to an external service provider Which of the following should be the MOST important consideration when selecting the provider?

Question68: Quantifying the value of a single asset helps the organization to understand the:

Question69: The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

Question70: Which of the following should be an element of the risk appetite of an organization?

Question71: An organization has recently updated its disaster recovery plan (DRP). Which of the following would be the GREATEST risk if the new plan is not tested?

Question72: Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?

Question73: An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?

Question74: An organization's IT infrastructure is running end-of-life software that is not allowed without exception approval. Which of the following would provide the MOST helpful information to justify investing in updated software?

Question75: A risk practitioner has become aware of production data being used in a test environment. Which of the following should be the practitioner's PRIMARY concern?

Question76: Which of the following is the MOST important component of effective security incident response?

Question77: Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?

Question78: Which of the following is MOST important to review when determining whether a potential IT service provider s control environment is effective?

Question79: Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?

Question80: A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?

Question81: An organization striving to be on the leading edge in regard to risk monitoring would MOST likely implement:

Question82: The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

Question83: A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?

Question84: Which of the following is the MOST important data attribute of key risk indicators (KRIs)?

Question85: Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

Question86: A control owner identifies that the organization's shared drive contains personally identifiable information (Pll) that can be accessed by all personnel. Which of the following is the MOST effective risk response?

Question87: An organization with a large number of applications wants to establish a security risk assessment program.
Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

Question88: A control owner responsible for the access management process has developed a machine learning model to automatically identify excessive access privileges. What is the risk practitioner's BEST course of action?

Question89: Which of the following controls will BEST detect unauthorized modification of data by a database administrator?

Question90: Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Question91: A risk practitioner is reporting on an increasing trend of ransomware attacks in the industry. Which of the following information is MOST important to include to enable an informed response decision by key stakeholders?

Question92: Which of the following is the BEST indication of a mature organizational risk culture?

Question93: Which of the following is the MOST effective way to integrate business risk management with IT operations?

Question94: Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently developed enterprise resource planning (ERP) system. These scenarios will be owned by the system manager.
Which of the following would be the BEST method to use when developing the scenarios?

Question95: A risk practitioner has identified that the organization's secondary data center does not provide redundancy for a critical application. Who should have the authority to accept the associated risk?

Question96: Which of the following is the MOST important consideration when determining whether to accept residual risk after security controls have been implemented on a critical system?

Question97: Which of the following is the MOST important factor affecting risk management in an organization?

Question98: While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:

Question99: What should be the PRIMARY objective for a risk practitioner performing a post-implementation review of an IT risk mitigation project?

Question100: Which of the following is the MOST important consideration when developing an organization's risk taxonomy?

Question101: Which of the following is the MOST important objective of regularly presenting the project risk register to the project steering committee?

Question102: Which of the following is the BEST method for identifying vulnerabilities?

Question103: Which of the following would BEST enable a risk practitioner to embed risk management within the organization?

Question104: When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?

Question105: A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

Question106: An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:

Question107: Which stakeholders are PRIMARILY responsible for determining enterprise IT risk appetite?

Question108: Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?

Question109: A global organization is planning to collect customer behavior data through social media advertising. Which of the following is the MOST important business risk to be considered?

Question110: Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

Question111: Which of the following provides the BEST measurement of an organization's risk management maturity level?

Question112: The risk associated with data loss from a website which contains sensitive customer information is BEST owned by:

Question113: Which of the following should be included in a risk assessment report to BEST facilitate senior management's understanding of the results?

Question114: Which of the following will BEST help an organization evaluate the control environment of several third-party vendors?

Question115: From a risk management perspective, the PRIMARY objective of using maturity models is to enable:

Question116: Performing a background check on a new employee candidate before hiring is an example of what type of control?

Question117: An organizations chief technology officer (CTO) has decided to accept the risk associated with the potential loss from a denial-of-service (DoS) attack. In this situation, the risk practitioner's BEST course of action is to:

Question118: An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?

Question119: Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?

Question120: When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:

Question121: Which of the following is MOST helpful in aligning IT risk with business objectives?

Question122: An organization is increasingly concerned about loss of sensitive data and asks the risk practitioner to assess the current risk level. Which of the following should the risk practitioner do FIRST?

Question123: The purpose of requiring source code escrow in a contractual agreement is to:

Question124: Establishing and organizational code of conduct is an example of which type of control?

Question125: Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

Question126: When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

Question127: When testing the security of an IT system, il is MOST important to ensure that;

Question128: Which of the following is the MAIN benefit of involving stakeholders in the selection of key risk indicators (KRIs)?

Question129: Which of the following should be the MAIN consideration when validating an organization's risk appetite?

Question130: Which of the following is the MOST important enabler of effective risk management?

Question131: Which of the following should be considered FIRST when assessing risk associated with the adoption of emerging technologies?

Question132: Which of the following is the BEST way to determine the ongoing efficiency of control processes?

Question133: An organization has initiated a project to launch an IT-based service to customers and take advantage of being the first to market. Which of the following should be of GREATEST concern to senior management?

Question134: The PRIMARY reason to have risk owners assigned to entries in the risk register is to ensure:

Question135: Which of the following is the BEST evidence that a user account has been properly authorized?

Question136: Which of the following is MOST critical to the design of relevant risk scenarios?

Question137: A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?

Question138: Prior to selecting key performance indicators (KPIs), itis MOST important to ensure:

Question139: Which of the following is the BEST method to identify unnecessary controls?

Question140: A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

Question141: The risk associated with an asset before controls are applied can be expressed as:

Question142: Which of the following should be management's PRIMARY consideration when approving risk response action plans?

Question143: What is MOST important for the risk practitioner to understand when creating an initial IT risk register?

Question144: An audit reveals that there are changes in the environment that are not reflected in the risk profile. Which of the following is the BEST course of action?

Question145: A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?

Question146: Which of The following is the BEST way to confirm whether appropriate automated controls are in place within a recently implemented system?

Question147: Which of the following would BEST help identify the owner for each risk scenario in a risk register?

Question148: Which of the following is the MOST important responsibility of a risk owner?

Question149: An organization has procured a managed hosting service and just discovered the location is likely to be flooded every 20 years. Of the following, who should be notified of this new information FIRST.

Question150: The risk appetite for an organization could be derived from which of the following?

Question151: A bank is experiencing an increasing incidence of customer identity theft. Which of the following is the BEST way to mitigate this risk?

Question152: Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:

Question153: Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

Question154: Which of the following will BEST help to ensure that information system controls are effective?

Question155: Which of the following is the MOST cost-effective way to test a business continuity plan?

Question156: Which of the following is MOST important when defining controls?

Question157: After migrating a key financial system to a new provider, it was discovered that a developer could gain access to the production environment. Which of the following is the BEST way to mitigate the risk in this situation?

Question158: The BEST way to demonstrate alignment of the risk profile with business objectives is through:

Question159: An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?

Question160: Which of the following MOST effectively limits the impact of a ransomware attack?

Question161: Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?

Question162: Which of The following is the PRIMARY consideration when establishing an organization's risk management methodology?

Question163: An organization is measuring the effectiveness of its change management program to reduce the number of unplanned production changes. Which of the following would be the BEST metric to determine if the program is performing as expected?

Question164: Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?

Question165: Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?

Question166: Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?

Question167: To minimize risk in a software development project, when is the BEST time to conduct a risk analysis?

Question168: Which of the following provides the MOST important information to facilitate a risk response decision?

Question169: The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager s BEST approach to this request before sharing the register?

Question170: Which of the following BEST indicates whether security awareness training is effective?

Question171: Which of the following is the MOST effective control to ensure user access is maintained on a least-privilege basis?

Question172: Which of the following criteria is MOST important when developing a response to an attack that would compromise data?

Question173: Which of the following is the MOST important characteristic of an effective risk management program?

Question174: Which of the following would BEST help secure online financial transactions from improper users?

Question175: Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?

Question176: Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

Question177: Which of the following BEST contributes to the implementation of an effective risk response action plan?

Question178: During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. The overall control environment may still be effective if:

Question179: Which of the following methods is the BEST way to measure the effectiveness of automated information security controls prior to going live?

Question180: Which of the following MUST be updated to maintain an IT risk register?

Question181: It is MOST appropriate for changes to be promoted to production after they are;

Question182: The BEST key performance indicator (KPI) for monitoring adherence to an organization's user accounts provisioning practices is the percentage of:

Question183: Which of the following is the BEST control to detect an advanced persistent threat (APT)?

Question184: Which of the following would MOST likely cause a risk practitioner to reassess risk scenarios?

Question185: Which of the following is the BEST way to identify changes to the risk landscape?

Question186: Which of the following would provide the MOST comprehensive information for updating an organization's risk register?

Question187: An organization has received notification that it is a potential victim of a cybercrime that may have compromised sensitive customer data. What should be The FIRST course of action?

Question188: Which of the following would be the BEST recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?

Question189: When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?

Question190: Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?

Question191: Which of the following is a KEY outcome of risk ownership?

Question192: An organization's risk practitioner learns a new third-party system on the corporate network has introduced vulnerabilities that could compromise corporate IT systems. What should the risk practitioner do FIRST?

Question193: Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?

Question194: Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

Question195: Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?

Question196: Which of the following is the MOST common concern associated with outsourcing to a service provider?

Question197: What should a risk practitioner do FIRST upon learning a risk treatment owner has implemented a different control than what was specified in the IT risk action plan?

Question198: Which of the following is the BEST evidence that risk management is driving business decisions in an organization?

Question199: Which of the following would BEST ensure that identified risk scenarios are addressed?

Question200: An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?

Question201: A department has been granted an exception to bypass the existing approval process for purchase orders. The risk practitioner should verify the exception has been approved by which of the following?

Question202: Who is the MOST appropriate owner for newly identified IT risk?

Question203: When reviewing a business continuity plan (BCP). which of the following would be the MOST significant deficiency?

Question204: An organization has outsourced its backup and recovery procedures to a third-party cloud provider. Which of the following is the risk practitioner s BEST course of action?

Question205: Which of the following is the GREATEST benefit of analyzing logs collected from different systems?

Question206: The MAIN goal of the risk analysis process is to determine the:

Question207: An identified high probability risk scenario involving a critical, proprietary business function has an annualized cost of control higher than the annual loss expectancy. Which of the following is the BEST risk response?

Question208: Which of the following should be of GREATEST concern to a risk practitioner when determining the effectiveness of IT controls?

Question209: A change management process has recently been updated with new testing procedures. What is the NEXT course of action?

Question210: An organization is unable to implement a multi-factor authentication requirement until the next fiscal year due to budget constraints. Consequently, a policy exception must be submitted. Which of the following is MOST important to include in the analysis of the exception?

Question211: Which of the following is the BEST course of action when risk is found to be above the acceptable risk appetite?

Question212: Which of the following risk register elements is MOST likely to be updated if the attack surface or exposure of an asset is reduced?

Question213: Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?

Question214: An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?

Question215: Which of the following is MOST important when developing key risk indicators (KRIs)?

Question216: Which of the following is the BEST approach for determining whether a risk action plan is effective?

Question217: Which of these documents is MOST important to request from a cloud service provider during a vendor risk assessment?

Question218: Which of the following is a risk practitioner's BEST course of action upon learning that a control under internal review may no longer be necessary?

Question219: In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?

Question220: Which of the following tools is MOST effective in identifying trends in the IT risk profile?

Question221: Deviation from a mitigation action plan's completion date should be determined by which of the following?

Question222: A data processing center operates in a jurisdiction where new regulations have significantly increased penalties for data breaches. Which of the following elements of the risk register is MOST important to update to reflect this change?

Question223: Which of the following is the BEST method for assessing control effectiveness?

Question224: The BEST criteria when selecting a risk response is the:

Question225: Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

Question226: Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

Question227: Which of the following observations would be GREATEST concern to a risk practitioner reviewing the implementation status of management action plans?

Question228: Which of the following would be- MOST helpful to understand the impact of a new technology system on an organization's current risk profile?

Question229: Which of the following is a detective control?

Question230: A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:

Question231: An organization has just implemented changes to close an identified vulnerability that impacted a critical business process. What should be the NEXT course of action?

Question232: Which of the following techniques would be used during a risk assessment to demonstrate to stakeholders that all known alternatives were evaluated?

Question233: Which of the following is the MOST important reason to create risk scenarios?

Question234: A risk practitioner is reviewing a vendor contract and finds there is no clause to control privileged access to the organization's systems by vendor employees. Which of the following is the risk practitioner's BEST course of action?

Question235: Which of the following resources is MOST helpful when creating a manageable set of IT risk scenarios?

Question236: Which of the following BEST measures the impact of business interruptions caused by an IT service outage?