EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the MOST likely reason to perform a qualitative risk analysis?

Question2: Which of the following is the PRIMARY objective of vulnerability assessments?

Question3: When defining the risk monitoring process, management should also define the:

Question4: Of the following, who is BEST suited to be responsible for continuous monitoring of risk?

Question5: The PRIMARY reason for the implementation of additional security controls is to:

Question6: Which of the following is MOST important for the determination of I&T-related risk?

Question7: Which of the following is the MOST important factor to consider when developing effective risk scenarios?

Question8: When analyzing l&T-related risk, an enterprise defines likelihood and impact on a scale from 1 to 5, and the scale of impact also defines a range expressed in monetary terms. Which of the following risk analysis approaches has been adopted?

Question9: If the residual risk associated with a particular control is within the enterprise risk appetite, the residual risk should be:

Question10: An enterprise's risk policy should be aligned with its:

Question11: Which of the following is the PRIMARY concern with vulnerability assessments?

Question12: The MOST important reason to monitor implemented controls is to ensure the controls:

Question13: Which risk response option has been adopted when an enterprise outsources disaster recovery activities to leverage the skills and expertise of a third-party provider?

Question14: To establish an enterprise risk appetite, an organization should:

Question15: The use of risk scenarios to guide senior management through a rapidly changing market environment is considered a key risk management

Question16: When evaluating the current state of controls, which of the following will provide the MOST comprehensive analysis of enterprise processes, incidents, logs, and the threat environment?

Question17: Which of the following occurs earliest in the risk response process?

Question18: Which of the following would have the MOST impact on the accuracy and appropriateness of plans associated with business continuity and disaster recovery?

Question19: An l&T-related risk assessment enables individuals responsible for risk governance to:

Question20: To be effective, risk reporting and communication should provide:

Question21: Which of the following is the PRIMARY outcome of a risk scoping activity?

Question22: The MOST important reason for developing and monitoring key risk indicators (KRIs) is that they provide:

Question23: Which of the following is a KEY contributing component for determining risk rankings to direct risk response?

Question24: An enterprise has moved its data center from a flood-prone area where it had experienced significant service disruptions to one that is not a flood zone. Which risk response strategy has the organization selected?

Question25: Which of the following BEST supports a risk-aware culture within an enterprise?

Question26: Which of the following are KEY considerations when selecting the best risk response for a given situation?

Question27: To establish an enterprise risk appetite, an organization should:

Question28: Which of the following is the FIRST step in an advanced persistent threat (APT) attack?

Question29: Which of the following represents a vulnerability associated with legacy systems using older technology?

Question30: Which of the following is the MOST important aspect of key performance indicators (KPIs)?

Question31: An enterprise is currently experiencing an unacceptable 8% processing error rate and desires to manage risk by establishing a policy that error rates cannot exceed 5%. In addition, management wants to be alerted when error rates meet or exceed 4%. The enterprise should set a key performance indicator (KPI) metric at which of the following levels?

Question32: Risk monitoring is MOST effective when it is conducted:

Question33: What is the FIRST step in the risk response process?

Question34: Risk analysis makes it easier to communicate impact in terms of:

Question35: Which types of controls are designed to avoid undesirable events, errors, and other adverse occurrences?

Question36: An enterprise that uses a two-factor authentication login method for accessing sensitive data has implemented which type of control?

Question37: Key risk indicators (KRIs) are metrics designed to:

Question38: Which of the following is MOST important for a risk practitioner to ensure when preparing a risk report?

Question39: A key risk indicator (KRI) is PRIMARILY used for which of the following purposes?

Question40: Risk maps can help to develop common profiles in order to identify which of the following?

Question41: Which of the following are control conditions that exist in IT systems and may be exploited by an attacker?

Question42: A business continuity plan (BCP) is:

Question43: Which of the following is the MOST important information for determining the critical path of a project?

Question44: Which of the following is a benefit of using a top-down approach when developing risk scenarios?

Question45: Which of the following provides the BEST input when developing specific, measurable, realistic, and time- bound (SMART) metrics?

Question46: Applying statistical analysis methods to I&T risk scenarios is MOST appropriate when:

Question47: Potential losses resulting from employee errors and system failures are examples of:

Question48: An enterprise recently implemented multi-factor authentication. During the most recent risk assessment, it was determined that cybersecurity risk is within the organization's risk appetite threshold. What is the MOST appropriate action for the organization to take regarding the remaining cybersecurity residual risk?

Question49: Publishing l&T risk-related policies and procedures BEST enables an enterprise to:

Question50: Which of the following is the MOST useful information to include in a risk report to indicate control effectiveness?

Question51: Which of the following is the MAIN reason to conduct a penetration test?