EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST method of maintaining the confidentiality of digital information?

Question2: What would be an IS auditor's BEST response to an IT managers statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device?

Question3: Within the NIST core cybersecurity framework, which function is associated with using organizational understanding to minimize risk to systems, assets, and data?

Question4: Which of the following is the GREATEST risk pertaining to sensitive data leakage when users set mobile devices to "always on" mode?

Question5: Availability can be protected through the use of:

Question6: The risk of an evil twin attack on mobile devices is PRIMARILY due to:

Question7: Which of the following is the SLOWEST method of restoring data from backup media?

Question8: The second line of defense in cybersecurity includes:

Question9: Which of the following is a limitation of intrusion detection systems (IDS)?

Question10: Which of the following describes specific, mandatory controls or rules to support and comply with a policy?

Question11: Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?

Question12: In public key cryptography, digital signatures are primarily used to;

Question13: Which of the following provides the GREATEST assurance that data can be recovered and restored in a timely manner in the event of data loss?

Question14: The GREATEST advantage of using a common vulnerability scoring system is that it helps with:

Question15: Which of the following is the BEST indication of mature third-party vendor risk management for an organization?

Question16: Which of the following BEST facilitates the development of metrics for repotting to senior management on vulnerability management efforts?

Question17: What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Question18: When reviewing user management roles, which of the following groups presents the GREATEST risk based on their permissions?

Question19: Which of the following BEST characterizes security mechanisms for mobile devices?

Question20: Which of the following is the GREATEST advantage of using a virtual private network (VPN) over dedicated circuits and dial-in servers?

Question21: Strong data loss prevention (DLP) solutions help protect information in which of the following states?

Question22: Which intrusion detection system component is responsible for collecting data in the form of network packets, log files, or system call traces?

Question23: What is the PRIMARY purpose of creating a security architecture?

Question24: Which of the following is EASIEST for a malicious attacker to detect?

Question25: Which of the following is the MOST cost-effective technique for implementing network security for human resources (HR) desktops and internal laptop users in an organization?

Question26: Which of the following is the BEST indication that an organization's vulnerability management process is operating effectively?

Question27: Which of the following is a feature of an intrusion detection system (IDS)?

Question28: One way to control the integrity of digital assets is through the use of:

Question29: Security awareness training is MOST effective against which type of threat?

Question30: Which of the following should an IS auditor do FIRST to ensure cyber security-related legal and regulatory requirements are followed by an organization?

Question31: Which of the following is an objective of public key infrastructure (PKI)?

Question32: Using a data loss prevention (DLP) solution to monitor data saved to a USB memory device is an example of managing:

Question33: Which type of tools look for anomalies in user behavior?

Question34: Which of the following is a feature of a stateful inspection firewall?

Question35: Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?

Question36: Which of the following are politically motivated hackers who target specific individuals or organizations to achieve various ideological ends?

Question37: An IS auditor has learned that a cloud service provider has not adequately secured its application programming interface (API). Which of the following is MOST important for the auditor to consider in an assessment of the potential risk factors?