EMT Practice Test

1. Question Content...


Question List

Question1: A buffer overflow can result in:

Question2: A security analyst is reviewing the logs from a NGFWs automated correlation engine and sees the following:

Which of the following should the analyst perform fiRST?

Question3: Which of the following BEST explains how the use of configuration templates reduces organization risk?

Question4: Given the following output:
Which of the following BEST describes the scanned environment?

Question5: A company uses WPA2-PSK, and it appears there are multiple unauthorized connected to the wireless network. A technician suspects this is because the wireless passwords has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

Question6: The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9. and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following:

Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

Question7: Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Question8: A systems administrator wants to secure a backup environment so backups are less prone to ransomware attacks. The administrator would like to have a fully isolated set of backups. Which of the following would be the MOST secure option for the administrator to Implement?

Question9: A company has a backup site with equipment on site without any dat
a. This is an example of:

Question10: A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

Question11: A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?

Question12: A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Question13: A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?

Question14: A company is looking for an all-in-one solution to provide identification authentication, authorization, and accounting services. Which of the following technologies should the company use?

Question15: Which of the following security controls BEST mitigates social engineering attacks?

Question16: A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:
* Employees must provide an alternate work location (i.e., a home address).
* Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.
Which of the following BEST describes the MDM options the company is using?

Question17: Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is no PII in the database?

Question18: An administrator is disposing of media that contains sensitive information. Which of the following will provide the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?

Question19: A security engineer is analyzing the following line of JavaScript code that was found in a comment field on a web forum, which was recently involved in a security breach:
<script src=http://gotcha.com/hackme.js></script>
Given the line of code above, which of the following BEST represents the attack performed during the breach?

Question20: A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities.
Which of the following would BEST meet this need?

Question21: Which of the following algorithms would be used to provide non-repudiation of a file transmission?

Question22: Employees receive a benefits enrollment email from the company's human resources department at the beginning of each year. Several users have reported receiving the email but are unable to log in to the website with their usernames and passwords. Users who enter the URL for the human resources website can log in without issue. Which of the following security issues is occurring?

Question23: An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST?

Question24: Which of the following agreement types is a non-contractual agreement between two or more parties and outlines each party's requirements and responsibilities?

Question25: A user's laptop is being analyzed Because malware was discovered. The forensics analyst has taken the laptop off the corporate network. Following order of volatility, which of the following actions should be performed fiRST?

Question26: Which of the following is a security consideration for IoT devices?

Question27: Staff members of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the staff assembled, they learned the message received was not actually from the CEO. Which of the following BEST represents what happened?

Question28: An organization handling highly confidential information needs to update its systems. Which of the following is the BEST method to prevent data compromise?

Question29: A security administrator is adding a NAC requirement for all VPN users to ensure the co requirement?

Question30: Which of the following implements two-factor authentication on a VPN?

Question31: A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
* www company com (mam website)
* contactus company com (for locating a nearby location)
* quotes company com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com. Which of the following certificate types would BEST meet the requirements?

Question32: Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment?

Question33: Which of the following is the primary reason for implementing layered security measures in a cyber security architecture?

Question34: An analyst is reviewing the following web-server log after receiving an alert from the DLP system about multiple PII records being transmitted in cleartext:

Which of the following IP addresses in MOST likely involved in the data leakage attempt?

Question35: A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor.
Which of the following BEST describes this forensic concept?

Question36: An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

Question37: In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the following is the BEST reason to deploy Faraday cages?

Question38: Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?

Question39: An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing?

Question40: A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

Question41: A security administrator begins assessing a network with software that checks for available exploits against a known database using both credentials and external scripts A report will be compiled and used to confirm patching levels This is an example of

Question42: A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all.

Question43: A security analyst is investigating a security breach involving the loss of sensitive dat a. A user passed the information through social media as vacation photos. Which of the following methods was used to encode the data?

Question44: A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent downloads are becoming problematic. Which of the following would BEST suit the administrator's needs?

Question45: Which of the following is the purpose of an industry-standard framework?

Question46: A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical server must be accessed using MFA.
However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

Question47: A company is implementing a tool to mask all PII when moving data from a production server to a testing server. Which of the following security techniques is the company applying?

Question48: When building a hosted datacenter. Which of the following is the MOST important consideration for physical security within the datacenter?

Question49: The exploitation of a buffer-overrun vulnerability in an application will MOST likely lead to:

Question50: Which of the following would have the GREATEST impact on the supporting, database server if input handling is not properly implemented on a web application?

Question51: A security engineer needs to obtain a recurring log of changes to system files. The engineer is most concerned with detecting unauthorized changes to system dat a. Which of the following tools can be used to fulfill the requirements that were established by the engineer?

Question52: Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

Question53: A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI. Which of the following configuration should the engineer choose?

Question54: An organization is struggling to differentiate threats from normal traffic and access to systems A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in Identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

Question55: A company recently updated its website to increase sales. The new website uses PHP forms for leads and provides a directory with sales staff and their phone numbers. A systems administrator is concerned about the new website and provides the following log to support the concern:

Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above?

Question56: An organization is looking to build its second head office in another city. which has a history of flooding with an average of two floods every 'I00 years. The estimated building cost is $1 million. and the estimated damage due to flooding is half of the buildings cost. Given this information, which of the following is the SLE?'

Question57: An organization requires that all workstations he issued client computer certificates from the organization's PKI. Which of the following configurations should be implemented?

Question58: Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department 10 help reset their passwords over the phone due to unspecified "server issues.' Which of the following has occurred?

Question59: A user attempts to send an email to an external domain and quickly receives a bounce-back message. The user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the email logs, a systems administrator finds the email and bounce-back details:
Your email has been rejected because It appears to contain SSN Information. Sending SSN information via email external recipients violates company policy.
Which of the following technologies successfully stopped the email from being sent?

Question60: A security analyst recommends implementing SSL for an existing web service. A technician installs the SSL certificate and successfully tests the connection on the server Soon after, the help desk begins receiving calls from users who are unable to log in After further investigation, it becomes clear that no users have successfully logged in since the certificate installation. Which of the following is MOST likely the issue?

Question61: During a penetration test, Joe, an analyst, contacts the target's service desk Impersonating a user, he attempts to obtain assistance with resetting an email password. Joe claims this needs to be done as soon as possible, as he is the vice president of sales and does not want to contact the Chief Operations Officer (COO) for approval, since the COO is on vacation. When challenged. Joe reaffirms that he needs this done immediately, and threatens to contact the service desk supervisor over the issue. Which of the following social engineering principles is Joe employing in this scenario'? (Select TWO).

Question62: Which of the following BEST describes why an air gap is a useful security control?

Question63: A hospital has received reports from multiple patients that their PHI was stolen after completing forms on the hospital's website. Upon investigation, the hospital finds a packet analyzer was used to steal dat a. Which of the following protocols would prevent this attack from reoccurring?

Question64: A security analyst has recently deployed an MDM solution that requires biometric authentication for company-issued smartphones As the solution was implemented the help desk has seen a dramatic increase in calls by employees frustrated that company-issued phones take several attempts to unlock using the fingerprint scanner Which of the following should be reviewed to mitigate this problem?

Question65: Which of the following attacks is used to capture the WPA2 handshake?

Question66: A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increase in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use-case?

Question67: A network administrator was provided the following output from a vulnerability scan.

The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise Which of the following plugin IDs should be remediated fiRST?

Question68: Which of the following is the MOST likely motivation for a script kiddie threat actor?

Question69: An organization is setting up a satellite office and wishes to extend the corporate network to the new site. Which of the following is the BEST solution to allow the users to access corporate resources while focusing on usability and security?

Question70: An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Question71: A company recently experienced a security breach. The security start determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server The server was imaged and copied onto a hardened VM. with the previous connections re-established. Which of the Mowing Is the NEXT step in the incident response process?

Question72: Given the following:
> md5.exe filel.txt
> ADIFAB103773DC6A1E6021B7E503A210
> md5.exe file2.txt
> ADIFAB103773DC6A1E602lB7E503A210
Which of the following concepts of cryptography is shown?

Question73: An attacker is able to capture the payload for the following packet:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.166.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

Question74: Ann. a user, reports she is receiving emails that appear to be from organizations to which she belong. Put me emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?

Question75: A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows:
Enforce password history: Three passwords remembered
Maximum password age?: 30 days
Minimum password age: Zero days
Complexity requirements: At least one special character, one uppercase
Minimum password length: Seven characters
Lockout duration: One day
Lockout threshold: five failed attempts in 15 minutes
Which of the following adjustments would be the MOST appropriate for the service account?

Question76: A government contracting company Issues smartphones lo employees lo enable access lo corporate resources. Several employees will need to travel to a foreign country (or business purposes and will require access lo their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?

Question77: Proprietary information was sent by an employee to a distribution list that included external email addresses. Which of the following BEST describes the incident that occurred and the threat actor in this scenario?

Question78: A NIPS administrator needs to install a new signature to observe the behavior of a worm that may be spreading over SMB Which of the following signatures should be installed on the NIPS'?

Question79: Which of the following is MOST likely happening?

Question80: A critical web application experiences slow response times during the end of a company's fiscal year. This web application typically sees a 35% increase in utilization during this time. The Chief Information Officer (CIO) wants an automated solution in place to deal with the annual spike. Which of the following does the CIO MOST likely want to implement?

Question81: Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?

Question82: An analyst has determined that a server was not patched and an external actor extiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

Question83: A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updates since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

Question84: A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation?

Question85: Which of the following concepts ensure ACL rules on a directory are functioning as expected? (Select TWO).

Question86: An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk Is greater than the five-year cost of the insurance policy. The organization is enabling risk:

Question87: A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?

Question88: A company is deploying a wireless network. It is a requirement that client devices must use X.509 certifications to mutually authenticate before connecting to the wireless network. Which of the following protocols would be required to accomplish this?

Question89: An authorized user is conducting a penetration scan of a system for an organization. The tester has a set of network diagrams. Source code, version numbers of applications. and other information about the system. Including hostnames and network addresses. Which of the following BEST describes this type of penetration test?

Question90: An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:
The username you entered does not exist.
Which of the following should the analyst recommend be enabled?

Question91: An auditor is requiring an organization to perform real-time validation of SSL certificates Which of the following should the organization implement?

Question92: An employee on the Internet facing part of a company's website submits a 20-character phrase in a small textbox on a web form. The website returns a message back to the browser stating.

Of which of the following is this an example?

Question93: A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?

Question94: In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility.
Which of the following describes the type of actors that may have been implicated?

Question95: An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network. Which of the following would be MOST appropriate based on the engineer's requirements?

Question96: An employee workstation with an IP address of 204 211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after a firewall upgrade. The active firewall rules are as follows:

Assuming port numbers have not been changed from their defaults, which of the following should be modified to allow printing to the network printer?

Question97: A company help desk as received several reports that employees have experienced identify theft and compromised accounts. This occurred several days after receiving an email asking them to update their personal bank information. Which of the following is a vulnerability that has been exploited?

Question98: An organization's research department uses workstations in an air-gapped network. A competitor released products based on files that originated in the research department. Which of the following should management do to improve the security and confidentiality of the research files?

Question99: An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks Which of the following should the administrator implement?

Question100: A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
WAP
DHCP Server
AAA Server
Wireless Controller
LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question101: Which of the following is a component of multifactor authentication?

Question102: An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:
* Soft copy Pll must be encrypted.
* Hard copy Pll must be placed In a locked container.
* Soft copy PHI must be encrypted and audited monthly.
* Hard copy PHI must be placed in a locked container and inventoried monthly.
Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer {CSO}.
While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take?

Question103: A security analyst is performing a BIA.
The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

Question104: A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested?

Question105: A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

Question106: An accountant is attempting to log in to the internal accounting system and receives a message that the website's certificate is fraudulent. The accountant finds instructions for manually installing the new trusted root onto the local machine. Which of the following would be the company's BEST option for this situation in the future?

Question107: Which of the following is an example of the second A in the AAA model?

Question108: After a security assessment was performed on the enterprise network, it was discovered that:
Configuration changes have been made by users without the consent of IT.
Network congestion has increased due to the use of social media.
Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)

Question109: Poor inventory control practices can lead to undetected and potentially catastrophic system exploitation due to:

Question110: Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

Question111: Which of the following has the potential to create a DoS attack on a system?

Question112: Which of the following serves to warn users against downloading and installing pirated software on company devices?

Question113: A Security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?

Question114: The Chief Executive Officer (CEO) received an email from the Chief financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From "section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident?

Question115: A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?

Question116: After a ransomware attack. a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

Question117: When conducting a penetration test, a pivot is used to describe a scenario in which:

Question118: An organization's Chief Information Officer (CIO) read an article that identified leading hacker trends and attacks, one of which is the alteration of URLs to IP addresses resulting in users being redirected to malicious websites. To reduce the chance of this happening in the organization, which of the following secire protocols should be implemented?

Question119: A security administrator is working with the human resources department to classify data held by the company. The administrator has determined the data contains a variety of data types, including health information, employee names and addresses, trade secrets, and confidential customer information. Which of the following should the security administrator do NEXT?

Question120: The Chief Information Officer (CIO) has heard concerns from the business and the help desk about frequent user account lockouts Which of the following account management practices should be modified to ease the burden?

Question121: An organization discovers that unauthorized applications have been installed on company-provided mobile phones. The organization issues these devices, but some users have managed to bypass the security controls. Which of the following Is the MOST likely issue, and how can the organization BEST prevent this from happening?

Question122: A security administrator is Implementing a secure method that allows developers to place files or objects onto a Linux server Developers ate required to log In using a username. password, and asymmetric key. Which of the following protocols should be implemented?

Question123: An organization needs to integrate with a third-party cloud application. The organization has 15000 users and does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the following is the BEST way for the organization to integrate with the cloud application?

Question124: A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at 'the main location. Which of the following networking concepts would BEST accomplish this'?

Question125: A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should configure to enforce the use for client-site certificates?

Question126: A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Select TWO).

Question127: A user wants to send a confidential message to a customer to ensure unauthorized users cannot access the information. Which of the following can be used to ensure the security of the document while in transit and at rest?

Question128: A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?

Question129: A security administrator wants to better prepare the incident response team for possible security events. The IRP has been updated and distributed to incident response team members. Which of the following is the BEST option to fulfill the administrator's objective?

Question130: An analyst is currently looking at the following output:

Which of the following security issues has been discovered based on the output?

Question131: Which of the following is the security threat a hiring manager is trying to prevent by performing a background screening of a job candidate?

Question132: Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Question133: A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure?

Question134: Task: Determine the types of attacks below by selecting an option from the dropdown list.

Question135: A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue?

Question136: A network administrator was recently terminated. A few weeks later, the new administrator noticed unauthorized changes to several devices that are causing denial of services. Additionally, the administrator noticed an unusual connection from an external IP address to an internal server. Which of the following is the MOST likely cause of the problem?

Question137: A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?

Question138: Fuzzing is used to reveal which of the following vulnerabilities in web applications?

Question139: The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:

Question140: An organization is updating its access control standards for SSL VPN login to include multifactor authentication The security administrator assigned to this project has been given the following guidelines to use when selecting a solution
* High security
* Lowest false acceptance rate
* Quick provisioning time for remote users and offshore consultants
Which of the following solutions will BEST fit this organization's requirements?

Question141: A company has won an important government contract. Several employees have been transferred from their existing projects to support a new contract. Some of the employees who have transferred will be working long hours and still need access to their project information to transition work to their replacements.
Which of the following should be implemented to validate that the appropriate offboarding process has been followed?

Question142: Which of the following should be implemented to stop an attacker from interacting with the hypervisor through another guest?

Question143: A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing?

Question144: A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach. Which of the following would allow the team to determine the scope of future incidents?

Question145: Which of the following cloud models is used to share resources and information with business partners and like businesses without allowing everyone else access?

Question146: Which of the following is a technical preventive control?

Question147: After a breach, a company has decided to implement a solution to better understand the technique used by the attackers. Which of the following is the BEST solution to be deployed?

Question148: A company is planning to utilize its legacy desktop systems by converting them into dummy terminals and moving all heavy applications and storage to a centralized server that hosts all of the company's required desktop applications. Which of the following describes the BEST deployment method to meet these requirements?

Question149: A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than creating users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?

Question150: The Chief Information Officer (CIO) has determined the company's new PKI will not use OCSP. The purpose of OCSP still needs to be addressed. Which of the following should be implemented?

Question151: A network administrator is implementing multifactor authentication for employees who travel and use company devices remotely by using the company VPN. Which of the following would provide the required level of authentication?

Question152: A security analyst is performing a manual audit of captured data from a packet analyzer. The analyst looks forbase64 encoded strings and applies the filter http.authbasic. Which of the following describes what the analysts looking for?

Question153: A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

Question154: Which of the following is the proper use of a Faraday cage?

Question155: A security administrator plans to conduct a vulnerability scan on the network to determine if system applications are up to date. The administrator wants to limit disruptions to operations but not consume too many resources. Which of the following types of vulnerability scans should be conducted?

Question156: A security analyst has been asked to implement secure protocols to prevent cleartext credentials from being transmitted over the internal network. Which of the following protocols is the security analyst MOST likely to implement? (Select TWO).

Question157: The director of information security at a company has recently directed the security engineering team to implement new security technologies aimed at reducing the impact of insider threats. Which of the following tools has the team MOST likely deployed? (Select TWO).

Question158: After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach. Which of the following steps in the incident response process has the administrator just completed?

Question159: Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Question160: A member of the IR team has identified an infected computer Which of the following IR phases should the team member conduct NEXT?

Question161: Which of the following BEST describes the purpose of authorization?

Question162: A common asymmetric algorithm utilizes the user's login name to create the key to encrypt communications. To ensure the key is Afferent each time the user encrypts data which of the following should be added to the login name?

Question163: Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?

Question164: A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin'' were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?

Question165: The Chief financial Officer (CFO) of an insurance company received an email from Ann, the company's Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?

Question166: An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager?

Question167: A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request?

Question168: The website of a bank that an organization does business with is being reported as untrusted by the organization's web browser. A security analyst has been assigned to Investigate. The analyst discovers the band recently merged with another local bank and combined names. Additionally, the user's bookmark automatically redirects to the website of the newly named bank. Which of the following Is the MOST likely cause of the Issue?

Question169: After being alerted to potential anomalous activity related to trivial DNS lookups, a security analyst looks at the following output of implemented firewall rules:

The analyst notices that the expected policy has no hit count for the day. Which of the following MOST likely occurred?

Question170: A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?

Question171: SIMULATION
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question172: Which of the following encryption algorithms require one encryption key? (Choose two.)

Question173: A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

Question174: A company occupies the third floor of a leased building that has other tenants. The path from the demarcation point to the company's controlled space runs through unsecured areas managed by other companies. Which of the following could be used to protect the company's cabling as it passes through uncontrolled spaces?

Question175: A company uses wireless for ail laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?

Question176: A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS
Click on each firewall to do the following:
1. Deny cleartext web traffic
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
Hat any time you would like to bring back the initial state of the simulation, please dick the Reset All button.



In firewall 1, HTTP inbound Action should be DENY. As shown below

In firewall 2, Management Service should be DNS, As shown below.
In firewall 3, HTTP Inbound Action should be DENY, as shown below

Question177: A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?

Question178: A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited resources is BEST categorized as a:

Question179: A startup company is using multiple SaaS and laaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

Question180: While testing a new vulnerability scanner, a technician becomes concerned about reports that list security concerns that are not present on the systems being tested. Which of the following BEST describes this flaw?

Question181: A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants lo ensure il does not happen again. Which of the following should the IT administrator do fiRST after recovery?

Question182: An Organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.
The application team receive a report with the following results:
There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate If the application is not running. The application fully functions in the development and staging environments. Which of the following actions should the application team take?

Question183: A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Select TWO).

Question184: The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?

Question185: A Chief Information Officer (CIO) wants to eliminate the number of calls help desk is receiving for password resets when users log on to internal portals. Which of the following is the BEST solution?

Question186: When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?

Question187: Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. While conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

Question188: A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform?