EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following BEST describes the concept of perfect forward secrecy?

Question2: An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

Question3: A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?

Question4: During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Question5: A security engineer wants to add SSL to the public web server. Which of the following would be the FIRST step to implement the SSL certificate?

Question6: A Chief Security Officer (CSO) has implemented a policy to prevent the reuse of hard drives due to the risk of information spillage to unauthorized users. Which of the following would be the MOST practical process to decommission the workstations?

Question7: After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues?

Question8: You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

Question9: A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement?

Question10: A technician is implementing 802 1X with dynamic VLAN assignment based on a user Active Directory group membership Which of the following configurations supports the VLAN definitions?

Question11: During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

Question12: An administrator needs to protect five websites with SSL certificates. Three of the websites have different domain names, and two of the websites share the domain name but have different subdomain prefixes. Which of the following SSL certificates should the administrator purchase to protect all the websites and be able to administer them easily at a later time?

Question13: A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing?

Question14: Which of the following threat actors is motivated primarily by a desire for personal recognition and a sense of accomplishment?

Question15: Proprietary information was sent by an employee to a distribution list that included external email addresses. Which of the following BEST describes the incident that occurred and the threat actor in this scenario?

Question16: After patching computers with the latest application security patches/updates, users are unable to open certain applications. Which of the following will correct the issue?

Question17: A systems administrator wants to enforce the use of HTTPS on a new website. Which of the following should the systems administrator do NEXT after generating the CSR?

Question18: A Security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?

Question19: A technician is investigating a report of unusual behavior and slow performance on a company-owned laptop. The technician runs a command and reviews the following information:

Based on the above information, which of the following types of malware should the technician report?

Question20: While testing a new application, a developer discovers that the inclusion of an apostrophe in a username cause the application to crash. Which of the following secure coding techniques would be MOST useful to avoid this problem?

Question21: A pass-the-hash attack is commonly used to:

Question22: A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional dat a. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks Is the researcher MOST likely experiencing?

Question23: A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS?

Question24: When building a hosted datacenter, which of the following is the MOST important consideration for physical security within the datacenter?

Question25: After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach. Which of the following steps in the incident response process has the administrator just completed?

Question26: A systems administrator just issued the ssh-keygen -t rsa command on a Linux terminal Which of the following BEST describes what the rsa portion of the command represents?

Question27: An attacker has gained control of several systems on the Internet and is using them to attack a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack?

Question28: A company is determining where to host a hot site, and one of the locations being considered is in another country. Which of the following should be considered when evaluating this option?

Question29: Which of the following can be used to increase the time needed to brute force a hashed password?

Question30: An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

Question31: A software development company needs to augment staff by hiring consultants for a high-stakes project. The project has the following requirements:
Consultants will have access to highly confidential, proprietary dat
a. Consultants will not be provided with company-owned assets.
Work needs to start immediately.
Consultants will be provided with internal email addresses for communications.
Which of the following solutions is the BEST method for controlling data exfiltration during this project?

Question32: A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach. Which of the following would allow the team to determine the scope of future incidents?

Question33: A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?"

Question34: When a malicious user is able to retrieve sensitive information from RAM, the programmer has failed a implement:

Question35: Which of the following types of vulnerability scans typically returns more detailed and thorough insights into actual system vulnerabilities?

Question36: A security analyst has recently deployed an MDM solution that requires biometric authentication for company-issued smartphones As the solution was implemented the help desk has seen a dramatic increase in calls by employees frustrated that company-issued phones take several attempts to unlock using the fingerprint scanner Which of the following should be reviewed to mitigate this problem?

Question37: A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a security assessment. The analyst must make sure the PII data is protected with the following minimum requirements:
*Ensure confidentiality at rest.
* Ensure the integrity of the original email message.
Which of the following controls would ensure these data security requirements are carried out?

Question38: After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Question39: A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?

Question40: Which of the following enables a corporation to extend local security policies to corporate resources hosted in a CSP's infrastructure?

Question41: A security analyst is performing a BIA.
The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

Question42: Which of the following is the proper use of a Faraday cage?

Question43: A security administrator needs to conduct a full inventory of all encryption protocols and cipher suites. Which of the following tools will the security administrator use to conduct this inventory MOST efficiently?

Question44: Which of the following is a benefit of credentialed vulnerability scans?

Question45: A company has a backup site with equipment on site without any dat
a. This is an example of:

Question46: An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?

Question47: A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

Question48: Employees receive a benefits enrollment email from the company's human resources department at the beginning of each year. Several users have reported receiving the email but are unable to log in to the website with their usernames and passwords. Users who enter the URL for the human resources website can log in without issue. Which of the following security issues is occurring?

Question49: A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Question50: A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin'' were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?

Question51: An organization is concerned that Its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

Question52: A red team initiated a DoS attack on the management interface of a switch using a known vulnerability The monitoring solution then raised an alert prompting a network engineer to log in to the switch to diagnose the issue When the engineer logged in. the red team was able to capture the credentials and subsequently log in to the switch Which of the following actions should the network team take to prevent this type of breach from reoccurring?

Question53: A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and Identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Question54: An organization is looking to build its second head office in another city. which has a history of flooding with an average of two floods every 'I00 years. The estimated building cost is $1 million. and the estimated damage due to flooding is half of the buildings cost. Given this information, which of the following is the SLE?'

Question55: A company has users and porters in multiple geographic locations and the printers are locked in common areas of the offices. To preserve the confidentially of PII, a security administrator needs to implement the appropriate controls Which of the following would BEST meet the confidentiality requirements of the data?

Question56: A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices.
Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

Question57: A user from the financial aid office is having trouble interacting with the finaid directory on the university's ERP system. The systems administrator who took the call ran a command and received the following output:

Subsequently, the systems administrator has also confirmed the user is a member of the finaid group on the ERP system.
Which of the following is the MOST likely reason for the issue?

Question58: A security team received reports of increased latency on a highly utilized e-commerce server. This led to eventual service unavailability as a result of internal scanning activity. The following web-server log was shared with the team to support this claim:
Which of the following actions would BEST address the service impact caused by scanning?

Question59: Which of the following access management concepts is MOST closely associated with the use of a password or PIN??

Question60: The director of information security at a company has recently directed the security engineering team to implement new security technologies aimed at reducing the impact of insider threats. Which of the following tools has the team MOST likely deployed? (Select TWO).

Question61: Which of the following represents a multifactor authentication system?

Question62: Users are attempting to access a company's website but are transparently redirected to another website. The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

Question63: A manufacturing company updates a policy that instructs employees not to enter a secure area in groups and requires each employee to swipe their badge to enter the area When employees continue to ignore the policy, a mantrap is installed. Which of the following BEST describe the controls that were implemented to address this issue? (Select TWO).

Question64: A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent downloads are becoming problematic. Which of the following would BEST suit the administrator's needs?

Question65: Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach?

Question66: If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?

Question67: The website of a bank that an organization does business with is being reported as untrusted by the organization's web browser. A security analyst has been assigned to Investigate. The analyst discovers the band recently merged with another local bank and combined names. Additionally, the user's bookmark automatically redirects to the website of the newly named bank. Which of the following Is the MOST likely cause of the Issue?

Question68: Using an ROT13 cipher to protocol confidential information for unauthorized access is known as:

Question69: A security consultant was asked to revise the security baselines that are utilized by a large organization. Although the company provides different platforms for its staff, including desktops, laptops, and mobile devices, the applications do not vary by platform. Which of the following should the consultant recommend? (Select Two).

Question70: A systems administrator is auditing the company's Active Directory environment. It is quickly noted that the username "company\bsmith" is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across?

Question71: A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit tag integrity?

Question72: A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to customers who visit the company's chain of cafes. The coffee company has provided no requirements other than that customers should be granted access after registering via a web form and accepting the terms of service. Which of the following is the MINIMUM acceptable configuration to meet this single requirement?

Question73: Which of the following implements a lossy algorithm?

Question74: Which of the following provides the ability to attest to the integrity of a system from the initiation of an incident to the time the incident is litigated?

Question75: A Chief Information Officer (CIO) wants to eliminate the number of calls the help desk is receiving for password resets when users log on to internal portals. Which of the following is the BEST solution?

Question76: Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat Intelligence data?

Question77: A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

Question78: Which of the following may indicate a configuration item has reached end-of-life?

Question79: A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

Question80: A NIPS administrator needs to install a new signature to observe the behavior of a worm that may be spreading over SMB. Which of the following signatures should be installed on the NIPS?

Question81: A systems administrator is implementing a remote access method for the system that will utilize GUI. Which of the following protocols would be BEST suited for this?

Question82: Which of the following generates reports that show the number of systems that are associated with POODLE, 3DES, and SMBv1 listings?

Question83: A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the following should the systems administrator configure?

Question84: An administrator is setting up automated remote file transfers to another organization. The other organization has the following requirements for the connection protocol:
* Encryption in transit is required.
* Mutual authentication must be used.
* Certificate authentication must be used (no passwords).
Which of the following should the administrator choose?

Question85: A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

Question86: A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops?

Question87: Which of the following would MOST likely support the integrity of a voting machine?

Question88: The Chief information Officer (CIO) has decided to add two-factor authentication along with the use of passwords when logging on to the network. Which of the following should be implemented to BEST accomplish this requirement?

Question89: Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Question90: As a security measure, an organization has disabled all external media from accessing the network. Since some users may have data that needs to be transferred to the network, which of the following would BEST assist a security administrator with transferring the data while keeping the internal network secure?

Question91: A systems administrator is configuring a new network switch for TACACS+ management and authentication.
Which of the following must be configured to provide authentication between the switch and the TACACS+ server?

Question92: A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Question93: A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI. Which of the following configuration should the engineer choose?

Question94: A buffer overflow can result in:

Question95: A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

Question96: Which of the following impacts MOST likely results from poor exception handling?

Question97: A company is deploying a wireless network. It is a requirement that client devices must use X.509 certifications to mutually authenticate before connecting to the wireless network. Which of the following protocols would be required to accomplish this?

Question98: Which of the following implements a stream cipher?

Question99: A company has drafted an Insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

Question100: Which of the following concepts ensure ACL rules on a directory are functioning as expected? (Select TWO).

Question101: An attacker has recently compromised an executives laptop and installed a RAT. The attacker used a registry key to ensure the RAT starts every time the laptop Is powered on. Of which of the following is this an example?

Question102: A credentialed vulnerability scan is often preferred over a non-credentialed scan because credentialed scans:

Question103: A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question104: A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

Question105: A security analyst is performing a manual audit of captured data from a packet analyzer. The analyst looks forbase64 encoded strings and applies the filter http.authbasic. Which of the following describes what the analysts looking for?

Question106: A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increase in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use-case?

Question107: A company has won an important government contract. Several employees have been transferred from their existing projects to support a new contract. Some of the employees who have transferred will be working long hours and still need access to their project information to transition work to their replacements.
Which of the following should be implemented to validate that the appropriate offboarding process has been followed?

Question108: An organization's IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization's web servers. Given the organization's stated priorities, which of the following would be the NEXT step?

Question109: Management wants to ensure any sensitive data on company-provided cell phones is isolated in a single location that can be remotely wiped if the phone is lost. Which of the following technologies BEST meets this need?

Question110: Given the following output:
Which of the following BEST describes the scanned environment?

Question111: Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Question112: A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat -an command to discover if the web server is up and listening. The analyst receives the following output:
TCP 10.1.5.2:80 192.168.2.112:60973 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60974 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60975 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60976 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60977 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60978 TIME_WAIT
Which of the following types of attack is the analyst seeing?

Question113: In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility.
Which of the following describes the type of actors that may have been implicated?

Question114: A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit log integrity?

Question115: A company has users and printers in multiple geographic locations, and the printers are located in common areas of the offices. To preserve the confidentiality of PII, a security administrator needs to implement the appropriate controls. Which of the following would BEST meet the confidentiality requirements of the data?

Question116: A company's MOM policy outlines the following requirements:
* Devices can be securely sanitized.
* Devices must only utilize secure WiFi.
* Devices must have biometric and PIN code setup.
The employees must also agree that all devices set up within the MDM have location services turned on. Which of the following options will address AT LEAST two of these requirements?

Question117: During the penetration testing of an organization, the tester was provided with the names of a few key servers, along with their IP address. Which of the following is the organization conducting?

Question118: Which of the following is the purpose of an industry-standard framework?

Question119: A technician needs lo document which application versions are listening on open ports. Which of the following is MOST likely to return the information the technician needs?

Question120: A technician wants to configure a wireless router at a small office that manages a family-owned dry cleaning business. The router will support five laptops, personal smartphones, a wireless printer, and occasional guests. Which of the following wireless configurations is BEST implemented in this scenario?

Question121: Which of the following systems, if compromised, may cause great danger to the integrity of water supplies and their chemical levels?

Question122: A security administrator wants to better prepare the incident response team for possible security events. The IRP has been updated and distributed to incident response team members. Which of the following is the BEST option to fulfill the administrator's objective?

Question123: A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA.
Which of the following is the BEST example of this?

Question124: A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns?

Question125: A security professional wants to test a piece of malware that was isolated on a user's computer to document its effect on a system. Which of the following is the FIRST step the security professional should take?

Question126: Which of the following is a security consideration for IoT devices?

Question127: During certain vulnerability scanning scenarios, It is possible for the target system to react in unexpected ways. This type of scenario is MOST commonly known as:

Question128: Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Question129: While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the business network on port 443. Which of the following protocols would MOST likely cause this traffic?

Question130: An organization uses simulated phishing attacks on its users to better prepare them to recognize actual phishing attacks and get them accustomed to reporting the attacks to the security team. This is an example of:

Question131: An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:
* Soft copy Pll must be encrypted.
* Hard copy Pll must be placed In a locked container.
* Soft copy PHI must be encrypted and audited monthly.
* Hard copy PHI must be placed in a locked container and inventoried monthly.
Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer {CSO}.
While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take?

Question132: A large Industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Question133: An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevents users from using any of their previous 12 passwords. The quantization does not use single sign-on, nor does it centralize storage of passwords.
The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation.
Which of the following BEST describes what is happening?

Question134: A first responder needs to collect digital evidence from a compromised headless virtual host. Which of the following should the first responder collect FIRST?

Question135: A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?

Question136: A dumpster diver was able 10 retrieve hard drives from a competitor's trash bin. After installing the and hard drives and running common date recovery software. Sensitive information was recovered. In which of the following ways did the competitor apply media sanitation?

Question137: Which of the following attacks can be used to exploit a vulnerability that was created by untrained users?

Question138: An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.)

Question139: A company recently experienced a network security breach and wants to apply two-factor authentication to secure its network. Which of the following should the company use? (Select TWO)

Question140: A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring?

Question141: A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between directory servers. The penetration testers recommended encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?

Question142: Which of the following would have the GREATEST impact on the supporting, database server if input handling is not properly implemented on a web application?

Question143: As a security measure, an organization has disabled all external media from accessing the network Since some users may have data that needs to be transferred to the network, which of the would BEST assist a security administrator with transferring the data while keeping the internal network secure?

Question144: An analyst is concerned about data leaks and wants to restrict access to Internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service Which of the following would be the BEST technology for me analyst to consider implementing?

Question145: A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all.

Question146: A company recently changed its security policy to allow access to only pre-approved websites and setup to occur without any end-user configuration. Which of the follow is the BEST configuration for implementing the new security policy?

Question147: Ann, a new employee, received an email from an unknown source indicating she needed to click on the provided link to update her company's profile. Once Ann clicked the link, a command prompt appeared with the following output:

Which of the following types of malware was executed?

Question148: A transitive trust:

Question149: Which of the following is the BEST example of a reputation impact identified during a risk assessment?

Question150: A Chief Executive Officer (CEO) is staying at a hotel during a business trip. The hotel's wireless network does not show a lock symbol. Which of the following precautions should the CEO take? (Select TWO).

Question151: Which of the following implements two-factor authentication on a VPN?

Question152: A security analyst investigate a report from an employee in the human resources (HR) department who is issues with Internal access. When the security analyst pull the UTM logs for the IP addresses in the HR group, the following activity is shown:

Which of the following actions should the security analyst take?

Question153: An incident response analyst at a large corporation is reviewing proxy log dat a. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?

Question154: A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?

Question155: A company has forbidden the use of external media within its headquarters location. A security analyst is working on adding additional repositories to a server in the environment when the analyst notices some odd processes running on the system. The analyst runs a command and sees the following:

Given this output, which of the following security issues has been discovered?

Question156: A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunication company has decided to discontinue its dark fiber product and is offering an MPLS connection. Which the law office feels is too expensive. Which of the following is the BEST solution for the law office?

Question157: An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?

Question158: An organization has the following written policies:
Users must request approval for non-standard software installation.
Administrators will perform all software installations.
Software must be installed from a trusted repository.
A recent security audit identified crypto-currency software installed on one user's machine. There are no indications of compromise on this machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?

Question159: A company is performing an analysis of which corporate units are most likely to cause revenue loss in the event the unit is unable to operate. Which of the following is an element of the BIA that this action is addressing?

Question160: Which of the following BEST explains how the use of configuration templates reduces organization risk?

Question161: Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?

Question162: While reviewing system logs, a security analyst notices that a large number of end users are changing their passwords four times on the day the passwords are set to expire. The analyst suspects they are cycling their passwords to circumvent current password controls. Which of the following would provide a technical control to prevent this activity from occurring?

Question163: A company recently experienced a security breach. The security staff determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server. The server was imaged and copied onto a hardened VM, with the previous connections re-established. Which of the following is the NEXT step in the incident response process?

Question164: The web platform team is deploying a new web application During testing, the team notices the web application is unable to create a TLS connection to the API gateway. The administrator created a firewall rule that permit TLS traffic from the web application server to the API gateway. However, the firewall logs show all traffic is being dropped. Which of the following is MOST likely causing the issue'

Question165: Exercising various programming responses for the purpose of gaining insight into a system's security posture without exploiting the system is BEST described as:

Question166: An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message?

Question167: A network administrator was provided the following output from a vulnerability scan.

The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise Which of the following plugin IDs should be remediated FIRST?

Question168: A company recently experienced a security breach. The security start determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server The server was imaged and copied onto a hardened VM. with the previous connections re-established. Which of the Mowing Is the NEXT step in the incident response process?

Question169: A user attempts to send an email to an external domain and quickly receives a bounce-back message. The user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the email logs, a systems administrator finds the email and bounce-back details:
Your email has been rejected because It appears to contain SSN Information. Sending SSN information via email external recipients violates company policy.
Which of the following technologies successfully stopped the email from being sent?

Question170: Which of the following should a company require prior to performing a penetration test?

Question171: Which of the following types of attack is being used when an attacker responds by sending the MAC address of the attacking machine to resolve the MAC to IP address of a valid server?

Question172: A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company's secure web servers must be inspected. Which of the following configurations would BEST support this requirement?

Question173: The network information for a workstation is as follows:

When the workstation's user attempts to access www.example.com. the URL that actually opens is www.notexample.com. The user successfully connects to several other legitimate URLs. Which of the following have MOST likely occurred? (Select TWO).

Question174: Which of the following security controls BEST mitigates social engineering attacks?

Question175: A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Question176: Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the windows/Currentversion/Run registry key?

Question177: A company notices that at 10 a.m. every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:

Based on the above information, which of the following types of malware was discovered?

Question178: A company uses WPA2-PSK, and it appears there are multiple unauthorized connected to the wireless network. A technician suspects this is because the wireless passwords has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

Question179: A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
WAP
DHCP Server
AAA Server
Wireless Controller
LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question180: The security office has had reports of increased tailgating in the datacenter. Which of the following controls should security put in place?

Question181: If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Question182: Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?

Question183: A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA.
Which of the following is the BEST example of this?

Question184: In the event of a security incident, which of the following should be captured FIRST?

Question185: A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
* www company com (mam website)
* contactus company com (for locating a nearby location)
* quotes company com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com. Which of the following certificate types would BEST meet the requirements?

Question186: An Organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.
The application team receive a report with the following results:

There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate If the application is not running. The application fully functions in the development and staging environments. Which of the following actions should the application team take?

Question187: An Organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.
The application team receive a report with the following results:
There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate If the application is not running. The application fully functions in the development and staging environments. Which of the following actions should the application team take?

Question188: A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity?

Question189: When choosing a hashing algorithm for storing passwords in a web database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?

Question190: In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the following is the BEST reason to deploy Faraday cages?

Question191: A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices?

Question192: A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS
Click on each firewall to do the following:
1. Deny cleartext web traffic
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
Hat any time you would like to bring back the initial state of the simulation, please dick the Reset All button.


Question193: During a network assessment a security analyst identifies that most of the egress traffic is related to port 443. The company is interested in identifying the content of this traffic, as allowed by the corporate policy. Which of the following technologies should the security analyst deploy?

Question194: An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:
The username you entered does not exist.
Which of the following should the analyst recommend be enabled?

Question195: A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?

Question196: An administrator is disposing of media that contains sensitive information. Which of the following will provide the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?

Question197: A company help desk as received several reports that employees have experienced identify theft and compromised accounts. This occurred several days after receiving an email asking them to update their personal bank information. Which of the following is a vulnerability that has been exploited?

Question198: A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation?

Question199: Which of the following impacts MOST likely result from poor exception handling?

Question200: While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

Question201: Which of the following is the MOST likely motivation for a script kiddie threat actor?

Question202: A new PKI is being built at a company, but the network administrator has concerns about spikes of traffic occurring twice a day due to clients checking the status of the certificates. Which of the following should be implemented to reduce the spikes in traffic?

Question203: The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur?

Question204: A security engineer needs to obtain a recurring log of changes to system files. The engineer is most concerned with detecting unauthorized changes to system dat a. Which of the following tools can be used to fulfill the requirements that were established by the engineer?

Question205: A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost effective?

Question206: Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. While conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

Question207: A user is unable to obtain an IP address from the corporate DHCP server. Which of the following is MOST likely the cause?

Question208: A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry:
#Whitelist USB\VID_13FE&PID_4127&REV_0100
Which of the following security technologies is MOST likely being configured?

Question209: Which of the following attacks is used to capture the WPA2 handshake?

Question210: An administrator needs to protect rive websites with SSL certificates Three of the websites have different domain names, and two of the websites share the domain name but have different subdomain prefixes. Which of the following SSL certificates should the administrator purchase to protect all the websites and be able to administer them easily at a later time?

Question211: An organization discovers that unauthorized applications have been installed on company-provided mobile phones. The organization issues these devices, but some users have managed to bypass the security controls. Which of the following Is the MOST likely issue, and how can the organization BEST prevent this from happening?

Question212: A government contracting company Issues smartphones lo employees lo enable access lo corporate resources. Several employees will need to travel to a foreign country (or business purposes and will require access lo their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?

Question213: Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identity areas that require patching?

Question214: An Organization wants to separate permissions for individuals who perform system changes from individuals who perform auditing of those system changes. Which of the following access control approaches is BEST suited for this?

Question215: An organization has hired a security analyst to perform a penetration test. The analyst captures 1GB worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to future review the pcap?

Question216: A security administrator begins assessing a network with software that checks for available exploits against a known database using both credentials and external scripts A report will be compiled and used to confirm patching levels This is an example of

Question217: When choosing a hashing algorithm for storing passwords in a web server database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?

Question218: Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

Question219: During certain vulnerability scanning scenarios, It is possible for the target system to react in unexpected ways. This type of scenario is MOST commonly known as:

Question220: A corporation with 35,000 employees replaces its staff laptops every three years. The social responsibility director would like to reduce the organization's carbon footprint and e-waste by donating the old equipment to a charity. Which of the following would be the MOST cost- and time-effective way for the corporation to prevent accidental disclosure of data and minimize additional cost to the charity?

Question221: An organization is updating its access control standards for SSL VPN login to include multifactor authentication The security administrator assigned to this project has been given the following guidelines to use when selecting a solution
* High security
* Lowest false acceptance rate
* Quick provisioning time for remote users and offshore consultants
Which of the following solutions will BEST fit this organization's requirements?

Question222: An organization was recently compromised by an attacker who used a server certificate with the company's domain issued by an irrefutable CA.
Which of the following should be used to mitigate this risk in the future?

Question223: An administrator is beginning an authorized penetration test of a corporate network. Which of the following tools would BEST assist in identifying potential attacks?

Question224: An organization has the following password policies:
* Passwords must be at least 16 characters long.
* A password cannot be the same as any previous 20 passwords.
* Three failed login attempts will lock the account for five minutes.
* Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server. Which of the following is MOST likely the issue and the best solution?