EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following BEST explains Platform as a Service?

Question2: Input validation is an important security defense because it:

Question3: A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

Question4: A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?

Question5: Ann a new small business owner decides to implement WiFi access for her customers.
There are several other businesses nearby who also have WiFi hot spots. Ann is concerned about security of the wireless network and wants to ensure that only her customers have access. Which of the following choices BEST meets her intent of security and access?

Question6: A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

Question7: A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Select TWO).

Question8: Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall?

Question9: A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate?

Question10: Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?

Question11: A security administrator working for a law enforcement organization is asked to secure a computer system at the scene of a crime for transport to the law enforcement forensic facility. In order to capture as mush evidence as possible, the computer system has been left running. The security administrator begins information by image which of the following system components FIRST?

Question12: An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the of the following security exposures would this lead to?

Question13: A web administrator has just implemented a new web server to be placed in production. As part of the company's security plan, any new system must go through a security test before it is placed in production. The security team runs a port scan resulting in the following data:
21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop3
443 tcp open https
Which of the following is the BEST recommendation for the web administrator?

Question14: Which of the following would MOST likely involve GPS?

Question15: A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?

Question16: A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or ran on the user's computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the user's computer?

Question17: A security administrator looking through IDS logs notices the following entry: (where [email protected] and passwd= 'or 1==1') Which of the following attacks had the administrator discovered?

Question18: Several users' computers are no longer responding normally and sending out spam email to the users' entire contact list. This is an example of which of the following?

Question19: A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

Question20: Which of the following BEST describes a demilitarized zone?

Question21: One of the senior managers at a company called the help desk to report to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop?

Question22: A company uses SSH to support internal users. They want to block external SSH connections from reaching internal machines. Which of the following should be blocked on the firewall?

Question23: A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?

Question24: RC4 is a strong encryption protocol that is generally used with which of the following?

Question25: Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

Question26: Which of the following can be used to control specific commands that can be executed on a network infrastructure device?

Question27: A company hosts a web server that requires entropy in encryption initialization and authentication. To meet this goal, the company would like to select a block cipher mode of operation that allows an arbitrary length IV and supports authenticated encryption. Which of the following would meet these objectives?

Question28: After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:
MACSSIDENCRYPTIONPOWERBEACONS
0 0:10:A1:36:12:CCMYCORPWPA2 CCMP601202
0 0:10:A1:49:FC:37MYCORPWPA2 CCMP709102
FB:90:11:42:FA:99MYCORPWPA2 CCMP403031
0 0:10:A1:AA:BB:CCMYCORPWPA2 CCMP552021
0 0:10:A1:FA:B1:07MYCORPWPA2 CCMP306044
Given that the corporate wireless network has been standardized, which of the following attacks is underway?

Question29: A Chief Executive Officer (CEO) is steering company towards cloud computing. The CEO is requesting a federated sign-on method to have users sign into the sales application.
Which of the following methods will be effective for this purpose?

Question30: Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the house living room. Joe posts the picture on a popular social media site together with the message: "Heading to our two weeks vacation to Italy." Upon returning home, Joe discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home address?

Question31: Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

Question32: A bank has recently deployed mobile tablets to all loan officers for use at customer sites.
Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?

Question33: Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

Question34: One month after a software developer was terminated the helpdesk started receiving calls that several employees' computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?

Question35: A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:

Question36: Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

Question37: The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO).

Question38: A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

Question39: A company has identified a watering hole attack. Which of the following Best describes this type of attack?

Question40: An attacker has gained access to the company's web server by using the administrator's credentials. The attacker then begins to work on compromising the sensitive data on other servers. Which off the following BEST describes this type of attack?

Question41: The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?

Question42: An organization has hired a penetration tester to test the security of its ten web servers.
The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?

Question43: Company policy requires the use if passphrases instead if passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?

Question44: A network administrator has recently updated their network devices to ensure redundancy is in place so that:

Question45: The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:

Question46: An employee in the accounting department recently received a phishing email that instructed them to click a link in the email to view an important message from the IRS which threatened penalties if a response was not received by the end of the business day.
The employee clicked on the link and the machine was infected with malware. Which of the following principles BEST describes why this social engineering ploy was successful?

Question47: A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.
Which of the following should the administrator implement?

Question48: A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site?
Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Question49: One of the servers on the network stops responding due to lack of available memory.
Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?

Question50: Which of the following attacks targets high level executives to gain company information?

Question51: Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to compliment password usage and smart cards?

Question52: Which of the following is true about asymmetric encryption?

Question53: Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer's reports?

Question54: Which of the following risks could IT management be mitigating by removing an all-in-one device?

Question55: Which of the following is the MOST secure protocol to transfer files?

Question56: A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

Question57: A security administrator must implement a network that is immune to ARP spoofing attacks.
Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?

Question58: Which the following flags are used to establish a TCP connection? (Select TWO).

Question59: A systems administrator is configuring a new file server and has been instructed to configure writeable to by the department manager, and read only for the individual employee. Which of the following is the name for the access control methodology used?

Question60: A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?

Question61: An employee finds a usb drive in the employee lunch room and plugs the drive into a shared workstation to determine who owns the drive. When the drive is inserted, a command prompt opens and a script begins to run. The employee notifies a technician who determines that data on a server have been compromised. This is an example of:

Question62: Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?

Question63: While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations Acceptable Use Policy. Which of the following tool or technology would work BEST for obtaining more information on this traffic?

Question64: Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?

Question65: An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?

Question66: Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?

Question67: The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?

Question68: Which of the following is the term for a fix for a known software problem?

Question69: Configuring the mode, encryption methods, and security associations are part of which of the following?

Question70: An attacker unplugs the access point at a coffee shop. The attacker then runs software to make a laptop look like an access point and advertises the same network as the coffee shop normally does. Which of the following describes this type of attack?

Question71: Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?

Question72: The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements?

Question73: A router was shut down as a result of a DoS attack. Upon review of the router logs, it was determined that the attacker was able to connect to the router using a console cable to complete the attack. Which of the following should have been implemented on the router to prevent this attack? (Select two)

Question74: A company executive's laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

Question75: Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?

Question76: Joe a company's new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?

Question77: A security technician is implementing PKI on a Network. The technician wishes to reduce the amount of bandwidth used when verifying the validity of a certificate. Which of the following should the technician implement?

Question78: A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

Question79: Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe's laptop directly?

Question80: When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

Question81: Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation?

Question82: A news and weather toolbar was accidently installed into a web browser. The toolbar tracks users online activities and sends them to a central logging server. Which of the following attacks took place?

Question83: Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?

Question84: Which of the following provides the strongest authentication security on a wireless network?

Question85: Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?

Question86: Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1 PC2
[192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10] LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?

Question87: The security administrator installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised?

Question88: The below report indicates that the system is MOST likely infected by which of the following?
Protocol LOCAL IP FOREIGN IP STATE
TCP 0.0.0:445 0.0.0.0:0 Listening
TCP 0.0.0.0:3390 0.0.0.0:0 Listening

Question89: A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?

Question90: Which of the following describes the implementation of PAT?

Question91: Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?

Question92: If an organization wants to implement a BYOD policy, which of the following administrative control policy considerations MUST be addressed? (Select two)

Question93: A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system.
Which of the following describes this cause?

Question94: Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?

Question95: A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

Question96: Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

Question97: A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?

Question98: A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

Question99: After disabling SSID broadcast, a network administrator still sees the wireless network listed in available networks on a client laptop. Which of the following attacks may be occurring?

Question100: a malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

Question101: Which of the following encrypts data a single bit at a time?

Question102: After installing a new Linux system the administrator runs a command that records the size, permissions, and MD5 sum of all the files on the system. Which of the following describes what the administrator is doing?

Question103: A security administrator would like to write an access rule to block the three IP addresses given below. Which of the following combinations should be used to include all of the given IP addresses?
192.168.12.255
192.168.12.227
192.168.12.229

Question104: Which of the following is described as an attack against an application using a malicious file?

Question105: A technician has been assigned a service request to investigate a potential vulnerability in the organization's extranet platform. Once the technician performs initial investigative measures, it is determined that the potential vulnerability was a false-alarm. Which of the following actions should the technician take in regards to the findings?

Question106: Which of the following should be used to implement voice encryption?

Question107: A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?

Question108: The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?

Question109: Joe, a security analyst, is attempting to determine if a new server meets the security requirements of his organization. As a step in this process, he attempts to identify a lack of security controls and to identify common misconfigurations on the server. Which of the following is Joe attempting to complete?

Question110: A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS?

Question111: A security technician is concerned there4 is not enough security staff available the web servers and database server located in the DMZ around the clock. Which of the following technologies, when deployed, would provide the BEST round the clock automated protection?

Question112: Ann a security analyst is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain \. Which of the following tools would aid her to decipher the network traffic?

Question113: Which of the following explains the difference between a public key and a private key?

Question114: A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?

Question115: Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed?

Question116: Which of the following is the LEAST volatile when performing incident response procedures?

Question117: Which of the following authentication services should be replaced with a more secure alternative?

Question118: Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

Question119: A software developer wants to prevent stored passwords from being easily decrypted.
When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

Question120: An application developer has tested some of the known exploits within a new application.
Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

Question121: A company has a BYOD policy that includes tablets and smart phones. In the case of a legal investigation, which of the following poses the greatest security issues?

Question122: A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?

Question123: An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?

Question124: Which of the following is where an unauthorized device is found allowing access to a network?

Question125: Ann, a security administrator, has concerns regarding her company's wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann's concerns with minimum disturbance of current functionality for clients?

Question126: How must user accounts for exiting employees be handled?

Question127: Which of the following is a hardware based encryption device?

Question128: A large corporation has data centers geographically distributed across multiple continents.
The company needs to securely transfer large amounts of data between the data center.
The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit. Which of the following represents the BEST cryptographic solution?

Question129: A security administrator is reviewing the below output from a password auditing tool:
P@ss.
@pW1.
S3cU4
Which of the following additional policies should be implemented based on the tool's output?

Question130: Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers.
Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

Question131: An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?

Question132: Ann a user has been promoted from a sales position to sales manager. Which of the following risk mitigation strategies would be MOST appropriate when a user changes job roles?

Question133: To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following?

Question134: Who should be contacted FIRST in the event of a security breach?

Question135: In an effort to test the effectiveness of an organization's security awareness training, a penetrator tester crafted an email and sent it to all of the employees to see how many of them clicked on the enclosed links. Which of the following is being tested?

Question136: A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).

Question137: In order to prevent and detect fraud, which of the following should be implemented?

Question138: A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

Question139: Which of the following has a storage root key?

Question140: The security administrator is currently unaware of an incident that occurred a week ago.
Which of the following will ensure the administrator is notified in a timely manner in the future?

Question141: What is a system that is intended or designed to be broken into by an attacker?

Question142: Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

Question143: Ann, a technician, wants to implement a single protocol on a remote server which will enable her to encrypt and proxy all of her traffic though the remote server via SOCKS5.
Which of the following should Ann enable to support both encryption and proxy services?

Question144: A malicious individual used an unattended customer service kiosk in a busy store to change the prices of several products. The alteration was not noticed until several days later and resulted in the loss of several thousand dollars for the store. Which of the following would BEST prevent this from occurring again?

Question145: Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?

Question146: A company is preparing to decommission an offline, non-networked root certificate server.
Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).

Question147: A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on:

Question148: The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence that the user attempted to escape the rootjail?

Question149: Which of the following is an example of multifactor authentication?

Question150: A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?

Question151: A Security technician would like that to obscure sensitive data within a file so that can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?

Question152: Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

Question153: Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

Question154: The programmer confirms that there is potential for a buffer overflow on one of the data input fields in a corporate application. The security analyst classifies this as a (N).

Question155: Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?

Question156: Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?

Question157: Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

Question158: During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

Question159: Ann, a security administrator, has been instructed to perform fuzz-based testing on the company's applications. Which of the following best describes what she will do?

Question160: Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers.
Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

Question161: Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET
/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA
AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

Question162: Which of the following devices will help prevent a laptop from being removed from a certain location?

Question163: Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period?

Question164: Which of the following must be kept secret for a public key infrastructure to remain secure?

Question165: Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).

Question166: Which of the following types of attacks is based on coordinating small slices of a task across multiple systems?

Question167: The string:
'or 1=1-- -
Represents which of the following?

Question168: A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?

Question169: Joe, the security administrator, sees this in a vulnerability scan report:
'The server 10.1..2.232 is running Apache 2.2.20 which may be vulnerabel to a mod_cgi exploit." Joe verifies that mod_cgi module is not enabled on 10.1.2.232. This message is an example of

Question170: The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?

Question171: Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?

Question172: Which of the following BEST describes the weakness in WEP encryption?

Question173: A network administrator was to implement a solution that will allow authorized traffic, deny unauthorized traffic and ensure that appropriate ports are being used for a number of TCP and UDP protocols. Which of the following network controls would meet these requirements?

Question174: Which of the following application attacks is used to gain access to SEH?

Question175: An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application?

Question176: An administrator needs to segment internal traffic between layer 2 devices within the LAN.
Which of the following types of network design elements would MOST likely be used?

Question177: Which of the following are MOST susceptible to birthday attacks?

Question178: Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?

Question179: Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

Question180: Attempting to inject 50 alphanumeric key strokes including spaces into an application input field that only expects four alpha characters in considered which of the following attacks?

Question181: Which of the following is considered an environmental control?

Question182: Ann, a security administrator is hardening the user password policies. She currently has the following in place.
Passwords expire every 60 days
Password length is at least eight characters
Passwords must contain at least one capital letter and one numeric character Passwords cannot be reused until the password has been changed eight times She learns that several employees are still using their original password after the 60-day forced change. Which of the following can she implement to BEST mitigate this?

Question183: Which of the following types of cloud computing would be MOST appropriate if an organization required complete control of the environment?

Question184: An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this?

Question185: A breach at a credit card company resulted in customers credit card information being exposed . The company has conducted a full forensic investigation and identified the source of the breach. Which of the following should the company do NEXT?

Question186: Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT?

Question187: At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?

Question188: Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?

Question189: Which of the following file systems is from Microsoft and was included with their earliest operating systems?

Question190: Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.
Which of the following would be the BEST control to implement?

Question191: New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?

Question192: Joe, the security administrator, has determined that one of his web servers is under attack.
Which of the following can help determine where the attack originated from?

Question193: Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?

Question194: Which of the following steps in incident response procedures entails of the incident and identification of knowledge gained that can be applied to future handling of incidents?