EMT Practice Test

1. Question Content...


Question List

Question1: If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?

Question2: Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

Question3: Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?

Question4: Which of the following security best practices should a web developer reference when developing a new web- based application?

Question5: Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?

Question6: While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?

Question7: When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?

Question8: An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

Question9: After a security breach, a security consultant is hired to perform a vulnerability assessment for a company's web application. Which of the following tools would the consultant use?

Question10: A user receives an email about an unfamiliar bank transaction, which includes a link. When clicked, the link redirects the user to a web page that looks exactly like their bank's website and asks them to log in with their username and password. Which type of attack is this?

Question11: According to company policy, all accounts with administrator privileges should have suffix _j a. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator's group. Which of the following actions should the security administrator take?

Question12: Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)

Question13: During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?

Question14: An unauthorized network scan may be detected by parsing network sniffer data for:

Question15: Which of the following is a cybersecurity solution for insider threats to strengthen information protection?

Question16: A security administrator is investigating a compromised host. Which of the following commands could the investigator use to display executing processes in real time?

Question17: A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of "armageddon.exe" along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?

Question18: It was recently discovered that many of an organization's servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)

Question19: After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?

Question20: During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?

Question21: During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

Question22: A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?

Question23: An incident responder has collected network capture logs in a text file, separated by five or more data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to terminal/ screen) in numerical order?

Question24: A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)

Question25: During an incident, the following actions have been taken:
- Executing the malware in a sandbox environment
- Reverse engineering the malware
- Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?

Question26: Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)

Question27: A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.
The unknown process is MOST likely:

Question28: Which of the following, when exposed together, constitutes PII? (Choose two.)

Question29: Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)

Question30: Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?

Question31: Nmap is a tool most commonly used to:

Question32: Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are MOST important for log integrity? (Choose two.)

Question33: A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?

Question34: Detailed step-by-step instructions to follow during a security incident are considered:

Question35: An automatic vulnerability scan has been performed. Which is the next step of the vulnerability assessment process?