EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following tools allows you to implement packet filtering for a network?

Question2: You are creating an information security policy for your company.
Which of the following activities will help you focus on creating policies for the most important resources?

Question3: Which ICMP message type is sent whenever the destination cannot handle the amount of traffic being received?

Question4: A security breach has occurred in which a third party was able to obtain and misuse legitimate authentication information. After investigation, you determined that the specific cause for the breach was that end users have been placing their passwords underneath their keyboards.
Which step will best help you resolve this problem?

Question5: Which step in security policy implementation ensures that security policy will change as technology advances?

Question6: An application is creating hashes of each file on an attached storage device.
Which of the following will typically occur during this process?

Question7: How do activity logs help to implement and maintain a security plan?

Question8: The best way to thwart a dictionary attack is by enforcing a:

Question9: After you have determined that a hacker has entered your system, what is the first step you should take?

Question10: A disgruntled employee has discovered that the company Web server is not protected against particular buffer overflow vulnerability.
The disgruntled employee has created an application to take advantage of this vulnerability and secretly obtain sensitive data from the Web server's hard disk. This application sends a set of packets to the Web server that causes it to present an unauthenticated terminal with root privileges.
What is the name for this particular type of attack?

Question11: A flaw is discovered in an application. Before a patch is available, this vulnerability is used to gain access to sensitive data.
What type of attack is being described?

Question12: Which of the following is a primary auditing activity?

Question13: Which security management concept is the ability for a department to accurately determine the costs of using various networking security services?

Question14: Which of the following security services, as defined by the ISO 7498-2 Security Architecture document, protects against active threats by verifying or maintaining the consistency of information?

Question15: Consider the following image of a packet capture:
Which of the following best describes the protocol used, along with its primary benefit?

Question16: Which tool is best suited for identifying applications and code on a Web server that can lead to a SQL injection attack?

Question17: Which type of attack exploits routed IP datagrams and is often found at the network layer?

Question18: You want to create a quick solution that allows you to obtain real-time login information for the administrative account on an LDAP server that you feel may become a target.
Which of the following will accomplish this goal?

Question19: You have been assigned to configure a DMZ that uses multiple firewall components. Specifically, you must configure a router that will authoritatively monitor and, if necessary, block traffic. This device will be the last one that inspects traffic before it passes to the internal network.
Which term best describes this device?

Question20: Which security standard consists of 11 titles that are designed to improve the accuracy and reliability of corporate disclosure to reinforce investment confidence and protect investors?

Question21: Which attribute of a security matrix considers the number of employees necessary to successfully implement and maintain your system?

Question22: You have determined that an attack is currently underway on your database server. An attacker is currently logged in, modifying data. You want to preserve logs, caching and other data on this affected server.
Which of the following actions will best allow you to stop the attack and still preserve data?

Question23: Which of the following describes the practice of stateful multi-layer inspection?

Question24: You have discovered that the ls, su and ps commands no longer function as expected. They do not return information in a manner similar to any other Linux system. Also, the implementation of Tripwire you have installed on this server is returning new hash values.
Which of the following has most likely occurred?

Question25: Consider the following image of a packet capture:
This packet capture has recorded two types of attacks.
Which choice lists both attack types?

Question26: What is the primary drawback of using symmetric-key encryption?

Question27: You have implemented a version of the Kerberos protocol for your network.
What service does Kerberos primarily offer?

Question28: Which type of certificate is used to verify a company's Web server?

Question29: Which of the following accurately describes an aspect of an access control list (ACL)?

Question30: Why can instant messaging (IM) and peer-to-peer (P2P) applications be considered a threat to network security?

Question31: Which type of attack requires that the hacker be physically located between the two legitimate hosts being attacked?

Question32: Which of the following is considered to be the most secure default firewall policy, yet usually causes the most work from an administrative perspective?

Question33: Which of the following is the device used to authenticate and encrypt packets in IPsec?

Question34: Which of the following is a typical target of a trojan on a Linux system?

Question35: You purchased a network scanner six months ago. In spite of regularly conducting scans using this software, you have noticed that attackers have been able to compromise your servers over the last month.
Which of the following is the most likely explanation for this problem?

Question36: To implement a successful security system, you should:

Question37: A distributed denial-of-service (DDOS) attack has occurred where both ICMP and TCP packets have crashed the company's Web server.
Which of the following techniques will best help reduce the severity of this attack?

Question38: What would be the result if you were the recipient of a SYN flood or malformed packet?

Question39: Which of the following authentication methods would include the use of a smart card?

Question40: The vast majority of hackers are which type of attacker?

Question41: Which of the following details should be included in documentation of an attack?

Question42: Which of the following is a security principle that allows you to protect your network resources?

Question43: All servers assume that a valid IP address belongs to the computer that sent it. Because TCP/IP contains no built-in authentication, a hacker can assume the identity of another device.
If your security depends entirely upon the TCP/IP identity, which type of attack can allow a hacker to gain access to your system?

Question44: David has enabled auditing on the C, D and E drives of his Web server. This server runs Windows Server 2003 and uses all SCSI components. After David has finished his change, the help desk receives calls from customers complaining that transactions are being completed at an unusually slow rate.
What has David failed to consider?

Question45: Which of the following commands would you use to create a simple personal firewall that blocks all incoming ICMP traffic?

Question46: Consider the following image:
From the information in this image, what type of attack is occurring?

Question47: Which of the following activities is the most effective at keeping the actions of nae end users from putting the company's physical and logical resources at risk?

Question48: You have been asked to encrypt a large file using a secure encryption algorithm so you can send it via e-mail to your supervisor. Encryption speed is important. The key will not be transmitted across a network.
Which form of encryption should you use?

Question49: Which of the following can help you authoritatively trace a network flooding attack?

Question50: Which of the following is a primary weakness of asymmetric-key encryption?

Question51: Requests for Web-based resources have become unacceptably slow. You have been assigned to implement a solution that helps solve this problem.
Which of the following would you recommend?

Question52: Which choice lists typical firewall functions?

Question53: In relation to security, which of the following is the primary benefit of classifying systems?

Question54: Which of the following causes problems with firewalls

Question55: Why should you notify the hacker's ISP if you have successfully identified a hacker?

Question56: Consider the following diagram:
Which of the following best describes the protocol activity shown in the diagram, along with the most likely potential threat that accompanies this protocol?