EMT Practice Test

1. Question Content...


Question List

Question1: A software development manager is running a project using agile development methods. The company
cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production
code on the project.
Which of the following methods could be used in addition to an integrated development environment to
reduce the severity of the issue?

Question2: A software development team has spent the last 18 months developing a new web-based front-end that
will allow clients to check the status of their orders as they proceed through manufacturing. The marketing
team schedules a launch party to present the new application to the client base in two weeks. Before the
launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing
direct access to a database used by manufacturing. The development team did not plan to remediate
these vulnerabilities during development. Which of the following SDLC best practices should the
development team have followed?

Question3: The Chief Information Security Officer (CISO) has asked the security team to determine whether the
organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is
possible. The CISO has asked what process would be utilized to gather the information, and then wants to
apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the
MOST appropriate ordered steps to take to meet the CISO's request?

Question4: Legal authorities notify a company that its network has been compromised for the second time in two
years. The investigation shows the attackers were able to use the same vulnerability on different systems
in both attacks. Which of the following would have allowed the security team to use historical information to
protect against the second attack?

Question5: A security engineer is deploying an IdP to broker authentication between applications. These applications
all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of
applications they may access. One of the application's authentications is not functional when a user
initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse
to the application first, which corrects the issue. Which of the following BEST describes the root cause?

Question6: The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant
metrics. The board of directors will use the dashboard to monitor and track the overall security posture of
the organization. The CIO produces a basic report containing both KPI and KRI data in two separate
sections for the board to review.
Which of the following BEST meets the needs of the board?

Question7: At a meeting, the systems administrator states the security controls a company wishes to implement seem
excessive, since all of the information on the company's web servers can be obtained publicly and is not
proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack,
and the company receives press inquiries about the message the attackers displayed on the website.
Which of the following is the FIRST action the company should take?

Question8: A company's chief cybersecurity architect wants to configure mutual authentication to access an internal
payroll website. The architect has asked the administration team to determine the configuration that would
provide the best defense against MITM attacks. Which of the following implementation approaches would
BEST support the architect's goals?

Question9: A security administrator wants to allow external organizations to cryptographically validate the company's
domain name in email messages sent by employees. Which of the following should the security
administrator implement?

Question10: With which of the following departments should an engineer for a consulting firm coordinate when
determining the control and reporting requirements for storage of sensitive, proprietary customer
information?

Question11: A technician is validating compliance with organizational policies. The user and machine accounts in the
AD are not set to expire, which is non-compliant. Which of the following network tools would provide this
type of information?

Question12: A security engineer has been hired to design a device that will enable the exfiltration of data from within a
well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS
in place, as well as allow for the upload of commands from a centralized command and control answer.
The total cost of the device must be kept to a minimum in case the device is discovered during an
assessment. Which of the following tools should the engineer load onto the device being designed?

Question13: The risk subcommittee of a corporate board typically maintains a master register of the most prominent
risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief
Information Security Officer (CISO) because:

Question14: A security engineer is working with a software development team. The engineer is tasked with ensuring all
security requirements are adhered to by the developers.
Which of the following BEST describes the contents of the supporting document the engineer is creating?

Question15: An organization's network engineering team recently deployed a new software encryption solution to
ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write
requests in storage, impacting business operations.
Which of the following alternative approaches would BEST address performance requirements while
meeting the intended security objective?

Question16: A security analyst who is concerned about sensitive data exfiltration reviews the following:

Which of the following tools would allow the analyst to confirm if data exfiltration is occuring?

Question17: A recent assessment identified that several users' mobile devices are running outdated versions of
endpoint security software that do not meet the company's security policy. Which of the following should be
performed to ensure the users can access the network and meet the company's security requirements?

Question18: A database administrator is required to adhere to and implement privacy principles when executing daily
tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an
organization's systems to the greatest extent possible.
Which of the following principles is being demonstrated?

Question19: A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the
following command:
dd if=/dev/ram of=/tmp/mem/dmp
The analyst then reviews the associated output:
^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45
However, the analyst is unable to find any evidence of the running shell.
Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?

Question20: A web developer has implemented HTML5 optimizations into a legacy web application. One of the
modifications the web developer made was the following client side optimization:
localStorage.setItem("session-cookie", document.cookie);
Which of the following should the security engineer recommend?

Question21: A security architect is determining the best solution for a new project. The project is developing a new
intranet with advanced authentication capabilities, SSO for users, and automated provisioning to
streamline Day 1 access to systems. The security architect has identified the following requirements:
1. Information should be sourced from the trusted master data source.
2. There must be future requirements for identity proofing of devices and users.
3. A generic identity connector that can be reused must be developed.
4. The current project scope is for internally hosted applications only.
Which of the following solution building blocks should the security architect use to BEST meet the
requirements?

Question22: An organization is in the process of integrating its operational technology and information technology
areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use
of resources during change windows, better protection of critical infrastructure, and the ability to respond to
incidents. The following observations have been identified:
1. The ICS supplier has specified that any software installed will result in lack of support.
2. There is no documented trust boundary defined between the SCADA and corporate networks.
3. Operational technology staff have to manage the SCADA equipment via the engineering workstation.
4. There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?

Question23: A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot
remote hosts but not perform other activities. The analyst inspects the following portions of different
configuration files:
Configuration file 1:
Operator ALL=/sbin/reboot
Configuration file 2:
Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss
Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the intended action?

Question24: A security controls assessor intends to perform a holistic configuration compliance test of networked
assets. The assessor has been handed a package of definitions provided in XML format, and many of the
files have two common tags within them: "<object object_ref=... />"and "<state state_ref=...
/>".Which of the following tools BEST supports the use of these definitions?

Question25: An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:
Systems containing PII are protected with the minimum control set.

Systems containing medical data are protected at the moderate level.

Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentially of a database containing
PII and medical data from clients. Based on the controls classification, which of the following controls
would BEST meet these requirements?

Question26: Which of the following describes a contract that is used to define the various levels of maintenance to be
provided by an external business vendor in secure environment?

Question27: An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the
final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company's geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the
solution. As the security consultant on the project, which of the following should the project's security
consultant recommend as the NEXT step?

Question28: A security analyst has requested network engineers integrate sFlow into the SOC's overall monitoring
picture. For this to be a useful addition to the monitoring capabilities, which of the following must be
considered by the engineering team?

Question29: A government organization operates and maintains several ICS environments. The categorization of one of
the ICS environments led to a moderate baseline. The organization has complied a set of applicable
security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to
determine if other security controls should be considered?

Question30: An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?

Question31: A hospital uses a legacy electronic medical record system that requires multicast for traffic between the
application servers and databases on virtual hosts that support segments of the application. Following a
switch upgrade, the electronic medical record is unavailable despite physical connectivity between the
hypervisor and the storage being in place. The network team must enable multicast traffic to restore
access to the electronic medical record. The ISM states that the network team must reduce the footprint of
multicast traffic on the network.

Using the above information, on which VLANs should multicast be enabled?

Question32: After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile
devices and laptops. The company's IT department has seen a large number of the following incidents:
Duplicate IP addresses

Rogue network devices

Infected systems probing the company's network

Which of the following should be implemented to remediate the above issues? (Choose two.)

Question33: A security engineer is attempting to increase the randomness of numbers used in key generation in a
system. The goal of the effort is to strengthen the keys against predictive analysis attacks.
Which of the following is the BEST solution?

Question34: During a security assessment, activities were divided into two phases; internal and external exploitation.
The security assessment team set a hard time limit on external activities before moving to a compromised
box within the enterprise perimeter.
Which of the following methods is the assessment team most likely to employ NEXT?

Question35: A security architect is implementing security measures in response to an external audit that found
vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to
provide confidentiality for electronic correspondence between users and between users and group
mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

Question36: A systems administrator has installed a disk wiping utility on all computers across the organization and
configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The
company has also instituted a policy that requires users to erase files containing sensitive information
when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a
randomly selected decommissioned hard disk:

Which of the following should be included in the auditor's report based on the above findings?

Question37: Click on the exhibit buttons to view the four messages.





A security architect is working with a project team to deliver an important service that stores and processes
customer banking details. The project, internally known as ProjectX, is due to launch its first set of features
publicly within a week, but the team has not been able to implement encryption-at-rest of the customer
records. The security architect is drafting an escalation email to senior leadership.
Which of the following BEST conveys the business impact for senior leadership?

Question38: A security engineer is attempting to convey the importance of including job rotation in a company's
standard security policies. Which of the following would be the BEST justification?

Question39: A security incident responder discovers an attacker has gained access to a network and has overwritten
key system files with backdoor software. The server was reimaged and patched offline. Which of the
following tools should be implemented to detect similar attacks?

Question40: Which of the following BEST represents a risk associated with merging two enterprises during an
acquisition?

Question41: Providers at a healthcare system with many geographically dispersed clinics have been fined five times
this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

Question42: Company.org has requested a black-box security assessment be performed on key cyber terrain. On area
of concern is the company's SMTP services. The security assessor wants to run reconnaissance before
taking any additional action and wishes to determine which SMTP server is Internet-facing.
Which of the following commands should the assessor use to determine this information?

Question43: A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All
validated machines and instruments must be retested for interoperability with the new software.
Which of the following would BEST ensure the software and instruments are working as designed?

Question44: An organization is currently working with a client to migrate data between a legacy ERP system and a
cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is
performing data deduplication and sanitization of client data to ensure compliance with regulatory
requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?

Question45: The Chief Information Officer (CISO) is concerned that certain systems administrators will privileged
access may be reading other users' emails. Review of a tool's output shows the administrators have used
web mail to log into other users' inboxes.
Which of the following tools would show this type of output?

Question46: Developers are working on anew feature to add to a social media platform. Thew new feature involves
users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned
about various types of abuse that might occur due to this new feature. The DPO state the new feature
cannot be released without addressing the physical safety concerns of the platform's users. Which of the
following controls would BEST address the DPO's concerns?

Question47: A security consultant is attempting to discover if the company is utilizing databases on client machines to
store the customer data. The consultant reviews the following information:

Which of the following commands would have provided this output?

Question48: After a large organization has completed the acquisition of a smaller company, the smaller company must
implement new host-based security controls to connect its employees' devices to the network. Given that
the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should
the security administrator do to integrate the new employees' devices into the network securely?

Question49: A system owner has requested support from data owners to evaluate options for the disposal of equipment
containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via
logical means or physically destroyed. Which of the following factors is the regulation intended to address?

Question50: To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200
vulnerabilities on production servers to be remediated. The security engineer must determine which
vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the
most dangerous risks. The CISO wants the security engineer to act in the same manner as would an
external threat, while using vulnerability scan results to prioritize any actions. Which of the following
approaches is described?

Question51: Ann, a member of the finance department at a large corporation, has submitted a suspicious email she
received to the information security team. The team was not expecting an email from Ann, and it contains a
PDF file inside a ZIP compressed archive. The information security learn is not sure which files were
opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a
social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?

Question52: A security analyst is inspecting pseudocode of the following multithreaded application:
1. perform daily ETL of data
1.1 validate that yesterday's data model file exists
1.2 validate that today's data model file does not exist
1.2 extract yesterday's data model
1.3 transform the format
1.4 load the transformed data into today's data model file
1.5 exit
Which of the following security concerns is evident in the above pseudocode?

Question53: Given the following output from a security tool in Kali:

Question54: A security manager recently categorized an information system. During the categorization effort, the
manager determined the loss of integrity of a specific information type would impact business significantly.
Based on this, the security manager recommends the implementation of several solutions. Which of the
following, when combined, would BEST mitigate this risk? (Select TWO.)

Question55: A newly hired security analyst has joined an established SOC team. Not long after going through corporate
orientation, a new attack method on web-based applications was publicly revealed. The security analyst
immediately brings this new information to the team lead, but the team lead is not concerned about it.
Which of the following is the MOST likely reason for the team lead's position?

Question56: An organization enables BYOD but wants to allow users to access the corporate email, calendar, and
contacts from their devices. The data associated with the user's accounts is sensitive, and therefore, the
organization wants to comply with the following requirements:
Active full-device encryption

Enabled remote-device wipe

Blocking unsigned applications

Containerization of email, calendar, and contacts

Which of the following technical controls would BEST protect the data from attack or loss and meet the
above requirements?

Question57: The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets
faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this
objective?

Question58: A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6
traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device,
not connected to the AD that manages a series of SCADA devices used for manufacturing. Which of the
following is the appropriate command to disable the client's IPv6 stack?
A:

B:

C:

D:

Question59: A project manager is working with a team that is tasked to develop software applications in a structured
environment and host them in a vendor's cloud-based infrastructure. The organization will maintain
responsibility for the software but will not manage the underlying server applications. Which of the following
does the organization plan to leverage?

Question60: A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical
issues were found during the upgrade and need to be discussed in depth before the next branch office is
upgraded.
Which of the following should be used to identify weak processes and other vulnerabilities?

Question61: An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary
data.

Based on the data classification table above, which of the following BEST describes the overall
classification?

Question62: During a security assessment, an organization is advised of inadequate control over network
segmentation. The assessor explains that the organization's reliance on VLANs to segment traffic is
insufficient to provide segmentation based on regulatory standards. Which of the following should the
organization consider implementing along with VLANs to provide a greater level of segmentation?

Question63: The legal department has required that all traffic to and from a company's cloud-based word processing
and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has
implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a
cloud-based log aggregation solution for all traffic that is logged.
Which of the following presents a long-term risk to user privacy in this scenario?

Question64: The government is concerned with remote military missions being negatively being impacted by the use of
technology that may fail to protect operational security. To remediate this concern, a number of solutions
have been implemented, including the following:
End-to-end encryption of all inbound and outbound communication, including personal email and chat

sessions that allow soldiers to securely communicate with families.
Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and

443 and approved applications
A host-based whitelist of approved websites and applications that only allow mission-related tools and

sites
The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

Question65: A deployment manager is working with a software development group to assess the security of a new
version of the organization's internally developed ERP tool. The organization prefers to not perform
assessment activities following deployment, instead focusing on assessing security throughout the life
cycle. Which of the following methods would BEST assess the security of the product?

Question66: Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The
CISO is very concerned about the response time to the previous breach and wishes to know how the
security team expects to react to a future attack. Which of the following is the BEST method to achieve this
goal while minimizing disruption?

Question67: A managed service provider is designing a log aggregation service for customers who no longer want to
manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to
them, and that log files could contain very sensitive entries. Customers have indicated they want on-
premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is
designing the new service, is deciding how to segment customers.
Which of the following is the BEST statement for the engineer to take into consideration?

Question68: Given the following output from a local PC:

Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet
website?

Question69: Security policies that are in place at an organization prohibit USB drives from being utilized across the
entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work
from various locations on different computing resources, several sales staff members have signed up for a
web-based storage solution without the consent of the IT department. However, the operations department
is required to use the same service to transmit certain business partner documents.
Which of the following would BEST allow the IT department to monitor and control this behavior?

Question70: While attending a meeting with the human resources department, an organization's information security
officer sees an employee using a username and password written on a memo pad to log into a specific
service. When the information security officer inquires further as to why passwords are being written down,
the response is that there are too many passwords to remember for all the different services the human
resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames.
Which of the following would be the BEST solution for the information security officer to recommend?

Question71: An information security manager is concerned that connectivity used to configure and troubleshoot critical
network devices could be attacked. The manager has tasked a network security engineer with meeting the
following requirements:
Encrypt all traffic between the network engineer and critical devices.

Segregate the different networking planes as much as possible.

Do not let access ports impact configuration tasks.

Which of the following would be the BEST recommendation for the network security engineer to present?

Question72: A company has created a policy to allow employees to use their personally owned devices. The Chief
Information Officer (CISO) is getting reports of company data appearing on unapproved forums and an
increase in theft of personal electronic devices.
Which of the following security controls would BEST reduce the risk of exposure?

Question73: Given the code snippet below:

Which of the following vulnerability types in the MOST concerning?

Question74: An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web
browsing using corporate-owned resources be monitored. Which of the following would allow the
organization to meet its requirement? (Choose two.)

Question75: A security architect has been assigned to a new digital transformation program. The objectives are to
provide better capabilities to customers and reduce costs. The program has highlighted the following
requirements:
1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and customer portals.
5. The user experience needs to be the same across both mobile and web-based applications.
Which of the following would BEST improve security while meeting these requirements?

Question76: A company has gone through a round of phishing attacks. More than 200 users have had their workstation
infected because they clicked on a link in an email. An incident analysis has determined an executable ran
and compromised the administrator account on each workstation. Management is demanding the
information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?

Question77: An organization's Chief Financial Officer (CFO) was the target of several different social engineering
attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer
(CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's
inbox from a familiar name with an attachment. Which of the following should the CISO task a security
analyst with to determine whether or not the attachment is safe?

Question78: A newly hired systems administrator is trying to connect a new and fully updated, but very customized,
Android device to access corporate resources. However, the MDM enrollment process continually fails.
The administrator asks a security team member to look into the issue. Which of the following is the MOST
likely reason the MDM is not allowing enrollment?

Question79: An agency has implemented a data retention policy that requires tagging data according to type before
storing it in the data repository. The policy requires all business emails be automatically deleted after two
years. During an open records investigation, information was found on an employee's work computer
concerning a conversation that occurred three years prior and proved damaging to the agency's
reputation. Which of the following MOST likely caused the data leak?

Question80: A security engineer is embedded with a development team to ensure security is built into products being
developed. The security engineer wants to ensure developers are not blocked by a large number of
security requirements applied at specific schedule points.
Which of the following solutions BEST meets the engineer's goal?

Question81: A user asks a security practitioner for recommendations on securing a home network. The user recently
purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some
of the IoT devices are wearables, and other are installed in the user's automobiles. The current home
network is configured as a single flat network behind an ISP-supplied router. The router has a single IP
address, and the router performs NAT on incoming traffic to route it to individual devices.
Which of the following security controls would address the user's privacy concerns and provide the BEST
level of security for the home network?

Question82: After investigating virus outbreaks that have cost the company $1000 per incident, the company's Chief
Information Security Officer (CISO) has been researching new antivirus software solutions to use and be
fully supported for the next two years. The CISO has narrowed down the potential solutions to four
candidates that meet all the company's performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five
possible solutions?

Question83: An organization just merged with an organization in another legal jurisdiction and must improve its network
security posture in ways that do not require additional resources to implement data isolation. One
recommendation is to block communication between endpoint PCs. Which of the following would be the
BEST solution?

Question84: A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside
cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the
following:
High-impact controls implemented: 6 out of 10

Medium-impact controls implemented: 409 out of 472

Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap. The analysis yielded the following
information:
Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control

gap: $95,000
Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact

control gap: $11,000
Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of
the medium-impact controls will take two years to fully implement. Which of the following conclusions could
the CISO draw from the analysis?

Question85: A software development team is conducting functional and user acceptance testing of internally developed
web applications using a COTS solution. For automated testing, the solution uses valid user credentials
from the enterprise directory to authenticate to each application. The solution stores the username in plain
text and the corresponding password as an encoded string in a script within a file, located on a globally
accessible network share. The account credentials used belong to the development team lead. To reduce
the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following
are the BEST actions to take? (Choose two.)

Question86: A company has adopted and established a continuous-monitoring capability, which has proven to be
effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the
likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.
Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

Question87: A systems administrator at a medical imaging company discovers protected health information (PHI) on a
general purpose file server. Which of the following steps should the administrator take NEXT?

Question88: A security analyst is reviewing the following company requirements prior to selecting the appropriate
technical control configuration and parameter:
RTO: 2 days
RPO: 36 hours
MTTR: 24 hours
MTBF: 60 days
Which of the following solutions will address the RPO requirements?

Question89: A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which
of the following activities would be MOST appropriate?

Question90: A systems security engineer is assisting an organization's market survey team in reviewing requirements
for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about
a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following
reasons is the engineer concerned?

Question91: An administrator has noticed mobile devices from an adjacent company on the corporate wireless network.
Malicious activity is being reported from those devices. To add another layer of security in an enterprise
environment, an administrator wants to add contextual authentication to allow users to access enterprise
resources only while present in corporate buildings. Which of the following technologies would accomplish
this?

Question92: Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access
to them. Ann emails her previous manager and asks to get her personal photos back.
Which of the following BEST describes how the manager should respond?

Question93: Two competing companies experienced similar attacks on their networks from various threat actors. To
improve response times, the companies wish to share some threat intelligence about the sources and
methods of attack. Which of the following business documents would be BEST to document this
engagement?

Question94: Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be
conducted during incident response planning:
Involve business owners and stakeholders

Create an applicable scenario

Conduct a biannual verbal review of the incident response plan

Report on the lessons learned and gaps identified

Which of the following exercises has the CEO requested?