EMT Practice Test
1. Question Content...
Question4: The purpose of requiring source code escrow in a contractual agreement is to:
Question8: A risk practitioner has just learned about new done FIRST?
Question9: Who is accountable for risk treatment?
Question20: Which of the following is MOST important when developing key risk indicators (KRIs)?
Question23: Which of the following should be the HIGHEST priority when developing a risk response?
Question24: Which of the following is the MAIN reason for documenting the performance of controls?
Question25: Which of the following is a KEY responsibility of the second line of defense?
Question26: Which of the following represents a vulnerability?
Question30: Which of the following conditions presents the GREATEST risk to an application?
Question40: The PRIMARY basis for selecting a security control is:
Question50: The BEST criteria when selecting a risk response is the:
Question53: Which of the following is the MOST important benefit of key risk indicators (KRIs)'
Question61: The maturity of an IT risk management program is MOST influenced by:
Question69: An IT license audit has revealed that there are several unlicensed copies of co be to:
Question72: Risk management strategies are PRIMARILY adopted to:
Question74: Which of the following BEST indicates the effectiveness of anti-malware software?
Question76: Who is PRIMARILY accountable for risk treatment decisions?
Question77: Which of the following would be MOST beneficial as a key risk indicator (KRI)?
Question78: The BEST way to improve a risk register is to ensure the register:
Question83: Which of the following is the MOST important reason to create risk scenarios?
Question85: Which of the following BEST indicates whether security awareness training is effective?
Question105: Which of the following is MOST important when discussing risk within an organization?
Question107: Which of the following is the PRIMARY reason to perform ongoing risk assessments?
Question108: The MOST essential content to include in an IT risk awareness program is how to:
Question117: The PRIMARY reason for tracking the status of risk mitigation plans is to ensure:
Question118: Which of the following is the MOST important input when developing risk scenarios?
Question119: Which of the following is the GREATEST risk associated with the use of data analytics?
Question126: A violation of segregation of duties is when the same:
Question129: Which of the following is MOST important to the integrity of a security log?
Question136: Which of the following BEST facilitates the development of effective IT risk scenarios?
Question140: It is MOST appropriate for changes to be promoted to production after they are;
Question148: The MOST important reason to monitor key risk indicators (KRIs) is to help management:
Question153: Mapping open risk issues to an enterprise risk heat map BEST facilitates:
Question161: Which of the following is the MOST important responsibility of a risk owner?
Question172: Which of the following is MOST important when developing risk scenarios?
Question173: Which of the following is the BEST indication of an effective risk management program?
Question174: Which of the following is the BEST way to support communication of emerging risk?
Question177: Which of the following should be the PRIMARY input when designing IT controls?
Question183: Prudent business practice requires that risk appetite not exceed:
Question196: Which of the following is the PRIMARY objective for automating controls?
Question198: Which of the following is MOST essential for an effective change control environment?
Question203: Which of the following would require updates to an organization's IT risk register?
Question205: The FIRST task when developing a business continuity plan should be to:
Question206: Which of the following BEST assists in justifying an investment in automated controls?
Question214: Which of the following is the BEST method for identifying vulnerabilities?
Question230: Which of the following is MOST critical to the design of relevant risk scenarios?
Question235: The PRIMARY goal of a risk management program is to:
Question245: Which of the following attributes of a key risk indicator (KRI) is MOST important?
Question247: The PRIMARY objective for selecting risk response options is to:
Question249: Which of the following is MOST helpful in aligning IT risk with business objectives?
Question256: Mitigating technology risk to acceptable levels should be based PRIMARILY upon:
Question264: Calculation of the recovery time objective (RTO) is necessary to determine the:
Question272: Which of the following is MOST commonly compared against the risk appetite?
Question281: Which of the following will BEST support management repotting on risk?
Question284: Which of the following is the BEST method to identify unnecessary controls?
Question285: What is the PRIMARY benefit of risk monitoring?

