EMT Practice Test

1. Question Content...


Question List

Question1: What is the PRIMARY purpose of creating a security architecture?

Question2: In cloud computing, which type of hosting is MOST appropriate for a large organization that wants greater control over the environment?

Question3: Which of the following would allow an IS auditor to obtain a bit-for-bit copy of data?

Question4: Security awareness training is MOST effective against which type of threat?

Question5: Which of the following is a more efficient form of public key cryptography as it demands less computational power and offers more security per bit?

Question6: The GREATEST advantage of using a common vulnerability scoring system is that it helps with:

Question7: Which of the following is EASIEST for a malicious attacker to detect?

Question8: Which of the following is the MOST important consideration to help mitigate cybersecurity risks related to outsourcing a key business function?

Question9: A cloud service provider is used to perform analytics on an organization's sensitive dat a. A data leakage incident occurs in the service providers network from a regulatory perspective, who is responsible for the data breach?

Question10: Which of the following devices is at GREATEST risk from activity monitoring and data retrieval?

Question11: Which of the following provides an early signal of increasing risk exposures for an organization?

Question12: Which of the following is a MAIN benefit of using Security as a Service (SECaaS) providers?

Question13: Using a data loss prevention (DLP) solution to monitor data saved to a USB memory device is an example of managing:

Question14: The administrator for a human resources (HR) system has access to the system as a user as well as support. Which of the following is the BEST control to help prevent intentional or accidental misuse of the privilege?

Question15: What should be an IS auditor's GREATEST concern when an organization's virtual private network (VPN) is implemented on employees' personal mobile devices?

Question16: The integrity of digital assets can be controlled by:

Question17: Which of the following is a feature of an intrusion detection system (IDS)?

Question18: Which of the following is a weakness associated with the use of symmetric, private keys in wired equivalent privacy (WEP) encryption?

Question19: An organization's responsibility to protect its assets and operations, including IT infrastructure and information, is referred to as:

Question20: Which control mechanism is used to detect the unauthorized modification of key configuration settings?

Question21: Which of the following is MOST effective in detecting unknown malware?

Question22: Which of the following is the BEST indication of mature third-party vendor risk management for an organization?

Question23: Which of the following is the MOST serious consequence of mobile device loss or theft?

Question24: Which of the following backup procedures would only copy files that have changed since the last backup was made?

Question25: Which of the following is the MOST relevant type of audit to conduct when fraud has been detected following an incident?

Question26: Which of the following injects malicious scripts into a trusted website to infect a target?

Question27: Which of the following is MOST important to verify when reviewing the effectiveness of an organization's identity management program?

Question28: Which of the following BEST helps IT administrators to ensure servers have no unnecessary features installed?

Question29: Which intrusion detection system component is responsible for collecting data in the form of network packets, log files, or system call traces?

Question30: The discovery of known dangerous artifacts on a network such as IP addresses or domain names helps to identify which of the following?

Question31: Which of the following features of continuous auditing provides the BEST level of assurance over traditional sampling?

Question32: Which of the following is an attack attribute of an advanced persistent threat (APT) that is designed to remove data from systems and networks?

Question33: Which of the following mobile computing trends should cause the GREATEST concern for an organization that needs to protect sensitive organizational data?

Question34: What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Question35: Which of the following BEST characterizes security mechanisms for mobile devices?

Question36: In the context of network communications, what are the two types of attack vectors?

Question37: When passwords are tied into key generation, the strength of the encryption algorithm is:

Question38: A data loss prevention (DLP) program helps protect an organization from:

Question39: Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?

Question40: Why are security frameworks an important part of a cybersecurity strategy?

Question41: During which incident response phase is evidence obtained and preserved?

Question42: Which of the following is the MOST important step to determine the risks posed to an organization by social media?

Question43: What would be an IS auditor's BEST response to an IT managers statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device?

Question44: Which of the following BEST facilitates the development of metrics for repotting to senior management on vulnerability management efforts?

Question45: Which of the following is the MOST cost-effective technique for implementing network security for human resources (HR) desktops and internal laptop users in an organization?

Question46: The protection of information from unauthorized access or disclosure is known as:

Question47: A cybersecurity audit reveals that an organization's risk management function has the right to overrule business management decisions. Would the IS auditor find this arrangement acceptable?

Question48: Which of the following is a passive activity that could be used by an attacker during reconnaissance to gather information about an organization?

Question49: Which of the following is the MOST important consideration when choosing between different types of cloud services?

Question50: Which of the following is MOST important to consider when defining actions to be taken in the event an intrusion is detected as part of an intrusion detection system (IDS) policy?

Question51: In public key cryptography, digital signatures are primarily used to;

Question52: What is the PRIMARY benefit of ensuring timely and reliable access to information systems?

Question53: The second line of defense in cybersecurity includes:

Question54: The "recover" function of the NISI cybersecurity framework is concerned with:

Question55: he MOST significant limitation of vulnerability scanning is the fact that modern scanners only detect:

Question56: When reviewing user management roles, which of the following groups presents the GREATEST risk based on their permissions?

Question57: Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?

Question58: Which of the following is an important reason for tracing the access and origin of an intrusion once it has been detected?

Question59: An information security procedure indicates a requirement to sandbox emails. What does this requirement mean?

Question60: Which of the following is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability?

Question61: Which of the following provides additional protection other than encryption to messages transmitted using portable wireless devices?

Question62: During which incident response phase is the incident management team activated?

Question63: Which of the following is the MAIN purpose of system hardening?