EMT Practice Test

1. Question Content...


Question List

Question1: Which statement is NOT a method of securing web applications?

Question2: You are assessing your organization's Disaster Recovery and Business Continuity (BR/BCP) requirements based on the shift to remote work. Which statement is LEAST reflective of current practices in business resiliency?

Question3: Which policy requirement is typically NOT defined in an Asset Management program?

Question4: You are reviewing assessment results of workstation and endpoint security. Which result should trigger more investigation due to greater risk potential?

Question5: Which of the following factors is LEAST likely to trigger notification obligations in incident response?

Question6: Which factor is the LEAST important attribute when classifying personal data?

Question7: An IT asset management program should include all of the following components EXCEPT:

Question8: Which example is typically NOT included in a Business Impact Analysis (BIA)?

Question9: Select the risk type that is defined as: "A third party may not be able to meet its obligations due to inadequate systems or processes".

Question10: Which statement is TRUE regarding the use of questionnaires in third party risk assessments?

Question11: Which of the following data safeguarding techniques provides the STRONGEST assurance that data does not identify an individual?

Question12: You are updating program requirements due to shift in use of technologies by vendors to enable hybrid work.
Which statement is LEAST likely to represent components of an Asset
Management Program?

Question13: Which statement is FALSE regarding the primary factors in determining vendor risk classification?

Question14: Which statement is FALSE when describing the differences between security vulnerabilities and security defects?

Question15: Which statement does NOT reflect current practice in addressing fourth party risk or subcontracting risk?

Question16: Which statement is FALSE regarding the methods of measuring third party risk?

Question17: Which statement BEST represents the roles and responsibilities for managing corrective actions upon completion of an onsite or virtual assessment?

Question18: Which statement is FALSE regarding the risk factors an organization may include when defining TPRM compliance requirements?

Question19: Which cloud deployment model is focused on the management of hardware equipment?

Question20: Which factor is less important when reviewing application risk for application service providers?

Question21: Which of the following is a positive aspect of adhering to a secure SDLC?

Question22: Which of the following topics is LEAST important when evaluating a service provider's Security and Privacy Awareness Program?

Question23: Which statement is FALSE regarding the different types of contracts and agreements between outsourcers and service providers?

Question24: Which of the following is NOT an example of a type of application security testing?

Question25: Which risk treatment approach typically requires a negotiation of contract terms between parties?

Question26: Which statement BEST describes the use of risk based decisioning in prioritizing gaps identified at a critical vendor when defining the corrective action plan?

Question27: Which example of a response to external environmental factors is LEAST likely to be managed directly within the BCP or IT DR plan?

Question28: Tracking breach, credential exposure and insider fraud/theft alerts is an example of which continuous monitoring technique?

Question29: Which of the following is LEAST likely to be included in an organization's mobile device policy?

Question30: Which activity reflects the concept of vendor management?

Question31: When evaluating compliance artifacts for change management, a robust process should include the following attributes:

Question32: When evaluating remote access risk, which of the following is LEAST applicable to your analysis?

Question33: Which factor in patch management is MOST important when conducting postcybersecurity incident analysis related to systems and applications?

Question34: Your company has been alerted that an IT vendor began utilizing a subcontractor located in a country restricted by company policy. What is the BEST approach to handle this situation?

Question35: Which statement provides the BEST example of the purpose of scoping in third party assessments?

Question36: All of the following processes are components of controls evaluation in the Third Party Risk Assessment process EXCEPT:

Question37: Which statement provides the BEST description of inherent risk?

Question38: Which of the following is NOT a key component of TPRM requirements in the software development life cycle (SDLC)?

Question39: Which statement BEST represents the primary objective of a third party risk assessment:

Question40: You are updating the inventory of regulations that impact your TPRM program during the company's annual risk assessment. Which statement provides the optimal approach to prioritizing the regulations?

Question41: Which statement BEST describes the methods of performing due diligence during third party risk assessments?

Question42: Which of the following indicators is LEAST likely to trigger a reassessment of an existing vendor?

Question43: Which of the following data types would be classified as low risk data?

Question44: Which statement is TRUE regarding defining vendor classification or risk tiering in a TPRM program?

Question45: Which of the following actions reflects the first step in developing an emergency response plan?

Question46: Which requirement is NOT included in IT asset end-of-life (EOL) processes?

Question47: A visual representation of locations, users, systems and transfer of personal information between outsourcers and third parties is defined as:

Question48: Which activity BEST describes conducting due diligence of a lower risk vendor?

Question49: Which cloud deployment model is primarily used for load balancing?

Question50: The primary disadvantage of Single Sign-On (SSO) access control is:

Question51: Which statement is FALSE regarding analyzing results from a vendor risk assessment?

Question52: Which statement is TRUE regarding the tools used in TPRM risk analyses?

Question53: Which statement BEST reflects the factors that help you determine the frequency of cyclical assessments?

Question54: If a system requires ALL of the following for accessing its data: (1) a password, (2) a security token, and (3) a user's fingerprint, the system employs: