EMT Practice Test

1. Question Content...


Question List

Question1: A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

Question2: A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO?

Question3: A new PKI is being built at a company, but the network administrator has concerns about spikes of traffic occurring twice a day due to clients checking the status of the certificates. Which of the following should be implemented to reduce the spikes in traffic?

Question4: A common asymmetric algorithm utilizes the user's login name to create the key to encrypt communications. To ensure the key is Afferent each time the user encrypts data which of the following should be added to the login name?

Question5: A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting m the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?

Question6: A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO).

Question7: A security engineer needs to obtain a recurring log of changes to system files. The engineer is most concerned with detecting unauthorized changes to system dat a. Which of the following tools can be used to fulfill the requirements that were established by the engineer?

Question8: A company recently installed fingerprint scanners at all entrances to increase the facility's security. The scanners were installed on Monday morning, and by the end of the week it was determined that 1.5% of valid users were denied entry. Which of the following measurements do these users fall under?

Question9: Which of the following command line tools would be BEST to identify the services running in a server?

Question10: A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing?

Question11: After a business performed a risk assessment, the current RPO has been deemed insufficient for its needs. The business decides on a new RPO. Which of the following steps should be taken NEXT?

Question12: A systems administrator is auditing the company's Active Directory environment. It is quickly noted that the username "company\bsmith" is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across?

Question13: The website of a bank that an organization does business with is being reported as untrusted by the organization's web browser. A security analyst has been assigned to investigate. The analyst discovers the bank recently merged with another local bank and combined names. Additionally, the user's bookmark automatically redirects to the website of the newly named bank. Which of the following is the MOST likely cause of the issue?

Question14: For each of the given items, select the appropriate authentication category from the dropdown choices.
Instructions: When you have completed the simulation, please select the Done button to submit.

Question15: The Chief financial Officer (CFO) of an insurance company received an email from Ann, the company's Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?

Question16: Which of the following BEST describes a defense-in-depth strategy?

Question17: An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevents users from using any of their previous 12 passwords. The quantization does not use single sign-on, nor does it centralize storage of passwords.
The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation.
Which of the following BEST describes what is happening?

Question18: After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

Question19: A systems administrator performing routine maintenance notices a user's profile is sending GET requests to an external IP address Which of the following BEST fits this IOC?

Question20: A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

Question21: A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing?

Question22: A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Question23: A security analyst runs the c: \>netstat -b command on a workstation and receives the following output:

The analyst notices an entry on the server for a file called WmdowsRemote.exe that is listening on port 129 Which of the following types of malware is MOST likely being used?

Question24: Which of the following physical security controls is MOST effective when trying to prevent tailgating?

Question25: A company notices that at 10 a.m. every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:

Based on the above information, which of the following types of malware was discovered?

Question26: A network administrator was provided the following output from a vulnerability scan.

The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise Which of the following plugin IDs should be remediated fiRST?

Question27: A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?

Question28: An administrator performs a workstation audit and finds one that has non-standard software installed. The administrator then requests a report to see if a change request was completed for the installed software. The report shows a request was completed. Which of the following has the administrator found?

Question29: You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

Question30: You have just received some room and Wifi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris render.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.
In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.
In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

Instructions: The original security controls for each office can be reset at any time by selecting the Reset button. Once you have met the above requirements for each office, select the Save button. When you have completed the entire simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.




Question31: An employee workstation with an IP address of 204 211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after a firewall upgrade. The active firewall rules are as follows:

Assuming port numbers have not been changed from their defaults, which of the following should be modified to allow printing to the network printer?

Question32: Which of the following has the potential to create a DoS attack on a system?

Question33: A network administrator wants to further secure the routers and switches that are used on the company network The administrator would like to achieve full packet encryption and full command logging when interacting with these devices Which of the following technologies should be implemented?

Question34: Which of the following is a type of attack in which a hacker leverages previously obtained packets to gam access to a wireless network?

Question35: A network administrator wants to gather information on the security of the network servers in the DMZ. The administrator runs the following command:
Telnet www.example.com 80
Which of the following actions is the administrator performing?

Question36: A security analyst receives the following output:
Which of the following MOST likely occurred to produce this output?

Question37: A network administrator needs to restrict the users of the company's WAPs to the sales department. The network administrator changes and hides the SSID and then discovers several employees had connected their personal devices to the wireless network. Which of the following would limit access to the wireless network to only organization-owned devices in the sales department?

Question38: A network technician needs to monitor and view the websites that are visited by an employee. The employee Is connected to a network switch. Which of the following would allow the technician to monitor the employee's web traffic?

Question39: Which of the following involves the use of targeted and highly crafted custom attacks against a population of users who may have access to a particular service or program?

Question40: Which of the following serves to warn users against downloading and installing pirated software on company devices?

Question41: Which of the following BEST distinguishes Agile development from other methodologies in terms of vulnerability management?

Question42: Which of the following is MOST likely caused by improper input handling?

Question43: A NIPS administrator needs to install a new signature to observe the behavior of a worm that may be spreading over SMB Which of the following signatures should be installed on the NIPS'?

Question44: A Chief Security Officer's (CSO's) key priorities are to improve preparation response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

Question45: Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Question46: A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero- day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?

Question47: A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a security assessment. The analyst must make sure the PII data is protected with the following minimum requirements:
*Ensure confidentiality at rest.
* Ensure the integrity of the original email message.
Which of the following controls would ensure these data security requirements are carried out?

Question48: The website of a bank that an organization does business with is being reported as untrusted by the organization's web browser. A security analyst has been assigned to Investigate. The analyst discovers the band recently merged with another local bank and combined names. Additionally, the user's bookmark automatically redirects to the website of the newly named bank. Which of the following Is the MOST likely cause of the Issue?

Question49: A company is performing an analysis of which corporate units are most likely to cause revenue loss in the event the unit is unable to operate. Which of the following is an element of the BIA that this action is addressing?

Question50: An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?

Question51: An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

Question52: During a routine check, a security analyst discovered the script responsible for the backup of the corporate file server has been changed to the following:

Which of the following BEST describes the type of malware the analyst discovered?

Question53: Ann. a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann's computer?

Question54: A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increase in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use-case?

Question55: A member of the IR team has identified an infected computer Which of the following IR phases should the team member conduct NEXT?

Question56: A security administrator learns that Pll, which was gathered by the organization, has been found in an open forum As a result, several C-level executives found their identities were compromised and they were victims of a recent whaling attack. Which of the following would prevent these problems in the future? (Select TWO)

Question57: A developer has just finished coding a custom web application and would like to test it for bugs by automatically injecting malformed data into it. Which of the following is the developer looking to perform?

Question58: Poor inventory control practices can lead to undetected and potentially catastrophic system exploitation due to:

Question59: A startup company is using multiple SaaS and laaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

Question60: A pass-the-hash attack is commonly used to:

Question61: A security analyst just discovered that developers have access to production systems that are used for deployment and troubleshooting One developer, who recently left the company abused this access to obtain sensitive information Which of the following is the BEST account management strategy to prevent this from reoccurring?

Question62: A computer forensics team is performing an integrity check on key systems files. The team is comparing the signatures of original baseline files with the latest signatures. The original baseline was taken on March 2, 2016. and was established to be clean of malware and uncorrupted. The latest tile signatures were generated yesterday. One file is known to be corrupted, but when the team compares the signatures of the original and latest flies, the team sees the Following:
Original: 2d da b1 4a fc f1 98 06 b1 e5 26 b2 df e5 5b 3e cb 83 e1
Latest: 2d da b1 4a 98 fc f1 98 bl e5 26 b2 df e5 5b 3e cb 83 e1
Which of the following is MOST likely the situation?

Question63: After deploying an antivirus solution on some network-isolated industrial computers, the service desk team received a trouble ticket about the following message being displayed on the computers' screens:
Your AV protection has blocked an unknown application while performing suspicious activities. The application was put in quarantine.
Which of the following would be the SAFEST next step to address the issue?

Question64: An attacker has gained control of several systems on the Internet and is using them to attack a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack?

Question65: A security analyst runs a monthly file integrity check on the main web server. When analyzing the logs, the analyst observed the following entry:

No OS patches were applied to this server during this period. Considering the log output, which of the following is the BEST conclusion?

Question66: A security administrator begins assessing a network with software that checks for available exploits against a known database, using both credentials and external scripts. A report will be compiled and used to confirm patching levels. This is an example of:

Question67: A corporation wants to allow users who work for its affiliate companies to sign on to each other's wireless network with their own company's credentials. Which of the following architectures would support this requirement?

Question68: A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

Question69: Exercising various programming responses for the purpose of gaming insight into a system's security posture without exploiting the system is BEST described as.

Question70: An organization's Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on the CEO's: personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result. Which of the following would address this violation going forward?

Question71: An analyst is reviewing the following web-server log after receiving an alert from the DLP system about multiple PII records being transmitted in cleartext:

Which of the following IP addresses in MOST likely involved in the data leakage attempt?

Question72: Which of the following BEST explains how the use of configuration templates reduces organization risk?

Question73: A security analyst is conducting a vulnerability scan and comes across a scheduled task that runs a batch script The analyst sees the following text when viewing the batch script s contents:

Which of the following is the MOST likely reason for the analyst to flag this task?

Question74: A government agency with sensitive information wants to virtualize its infrastructure. Which of the following cloud deployment models BEST fits the agency's needs?

Question75: Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question76: Which of the following access management concepts is MOST closely associated with the use of a password or PIN??

Question77: Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. While conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

Question78: A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?

Question79: A large Industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Question80: A technician is investigating a report of unusual behavior and slow performance on a company-owned laptop. The technician runs a command and reviews the following information:

Based on the above information, which of the following types of malware should the technician report?

Question81: A security analyst is reviewing the following log:

Which of the following should the analyst report to the security manager?

Question82: Which of the following enables a corporation to extend local security policies to corporate resources hosted in a CSP's infrastructure?

Question83: An employee on the Internet facing part of a company's website submits a 20-character phrase in a small textbox on a web form. The website returns a message back to the browser stating.

Of which of the following is this an example?

Question84: A critical web application experiences slow response times during the end of a company's fiscal year. This web application typically sees a 35% increase in utilization during this time. The Chief Information Officer (CIO) wants an automated solution in place to deal with the annual spike. Which of the following does the CIO MOST likely want to implement?

Question85: An organization needs to integrate with a third-party cloud application. The organization has 15000 users and does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the following is the BEST way for the organization to integrate with the cloud application?

Question86: A Security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?

Question87: An email systems administrator is configuring the mail server to prevent spear phishing attacks through email messages. Which of the following refers to what the administrator is doing?

Question88: A company is implementing a remote access portal so employees can work remotely from home. The company wants to implement a solution that would securely integrate with a third party. Which of the following is the BEST solution?

Question89: A systems administrator just issued the ssh-keygen -t rsa command on a Linux terminal Which of the following BEST describes what the rsa portion of the command represents?

Question90: Which of the following is a technical preventive control?

Question91: An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network. Which of the following would be MOST appropriate based on the engineer's requirements?

Question92: A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should configure to enforce the use for client-site certificates?

Question93: A law firm wants to protect its customers' individual information, which is stored at a remote facility, from inadvertently being compromised through a violation of the security objectives. Which of the following BEST describes the customer information that is being stored at this facility?

Question94: A systems administrator wants to enforce the use of HTTPS on a new website. Which of the following should the systems administrator do NEXT after generating the CSR?

Question95: A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee's position. Which of the following practices would BEST help to prevent this situation in the future?

Question96: During a forensic investigation, which of the following must be addressed fiRST according to the order of volatility?

Question97: A security analyst recommends implementing SSL for an existing web service. A technician installs the SSL certificate and successfully tests the connection on the server. Soon after, the help desk begins receiving calls from users who are unable to log in. After further investigation, it becomes clear that no users have successfully connected to the web server since the certificate installation. Which of the following is MOST likely the issue?

Question98: An organization handling highly confidential information needs to update its systems. Which of the following is the BEST method to prevent data compromise?

Question99: A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and Identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Question100: A Chief Security Officer (CSO) has implemented a policy to prevent the reuse of hard drives due to the risk of information spillage to unauthorized users. Which of the following would be the MOST practical process to decommission the workstations?

Question101: A network administrator needs to prevent users from accessing the accounting department records. All users are connected to the same Layer 2 device and access the Internet through the same router. Which of the following should be implemented to segment the accounting department from the rest of the users?

Question102: A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users' credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

Question103: A security administration a hardening a VPN connection. Recently, company pre-shared keys were hijacked during an MITM attack and reused to breach the VPN connection. Which of the following should the security administrator do to BEST address this issue?

Question104: Which of the following BEST explains 'likelihood of occurrence'?

Question105: When building a hosted datacenter, which of the following is the MOST important consideration for physical security within the datacenter?

Question106: A technician is evaluating a security appliance solution. The company needs a system that continues to pass traffic if the system crashes. Which of the following appliance feature would BEST meet the company's needs?

Question107: An authorized user is conducting a penetration scan of a system for an organization. The tester has a set of network diagrams. Source code, version numbers of applications. and other information about the system. Including hostnames and network addresses. Which of the following BEST describes this type of penetration test?

Question108: Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department 10 help reset their passwords over the phone due to unspecified "server issues.' Which of the following has occurred?

Question109: A user from the financial aid office is having trouble interacting with the finaid directory on the university's ERP system. The systems administrator who took the call ran a command and received the following output:

Subsequently, the systems administrator has also confirmed the user is a member of the finaid group on the ERP system.
Which of the following is the MOST likely reason for the issue?

Question110: A security engineer deploys a certificate from a commercial CA to the RADIUS server for use with the EAP-TLS wireless network. Authentication is failing, so the engineer examines the certificate's properties:
Issuer: (A commercial CA) Valid from: (yesterday's date)
Valid to: (one year from yesterday's date) Subject: CN=smithco.com
Public key: RSA (2048 bits)
Enhanced key usage: Client authentication (1.3.6.1.5.5.7.3.2) Key usage: Digital signature, key encipherment (a0) Which of the following is the MOST likely cause of the failure?

Question111: A security analyst is investigating a report from an employee in the human resources (HR) department who is having sporadic issues with Internet access. When the security analyst pulls the UTM logs for the IP addresses in the HR group, the following activity is shown:
Which of the following actions should the security analyst take?

Question112: Which of the following is the BEST example of a reputation impact identified during a risk assessment?

Question113: Which of the following implements a stream cipher?

Question114: Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

Question115: A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

Question116: An organization is drafting an IRP and needs to determine which employees have the authority to take systems offline during an emergency situation. Which of the following is being outlined?

Question117: An organization is struggling to differentiate threats from normal traffic and access to systems A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in Identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

Question118: A company recently experienced a security breach. The security staff determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server. The server was imaged and copied onto a hardened VM, with the previous connections re-established. Which of the following is the NEXT step in the incident response process?

Question119: A systems administrator is implementing a remote access method for the system that will utilize GUI. Which of the following protocols would be BEST suited for this?

Question120: A company has forbidden the use of external media within its headquarters location. A security analyst is working on adding additional repositories to a server in the environment when the analyst notices some odd processes running on the system. The analyst runs a command and sees the following:

Given this output, which of the following security issues has been discovered?

Question121: A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business.
Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited?

Question122: A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe?

Question123: Which of the following cloud models is used to share resources and information with business partners and like businesses without allowing everyone else access?

Question124: While testing a new application, a developer discovers that the inclusion of an apostrophe in a username causes the application to crash. Which of the following secure coding techniques would be MOST useful to avoid this problem?

Question125: When an initialization vector is added to each encryption cycle, it is using the:

Question126: Which of the following algorithms would be used to provide non-repudiation of a file transmission?

Question127: An organization has defined secure baselines for all servers and applications Before any servers or applications are placed into production they must be reviewed for compliance deviations Which of the following actions would streamline the process and provide more consistent results?

Question128: Which of the following BEST describes the concept of persistence in the context of penetration testing?

Question129: An administrator is trying to inspect SSL traffic to evaluate rf it has a malicious code injection The administrator is planning to use the inspection features of a firewall solution Which of the following should be done after the implementation of the firewall solution?

Question130: Which of the following is a symmetric encryption that applies the encryption over multiple iterations?

Question131: A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure?

Question132: Which of the following generates reports that show the number of systems that are associated with POODLE, 3DES, and SMBv1 listings?

Question133: A software development company needs to augment staff by hiring consultants for a high-stakes project The project has the following requirements:
* Consultants will have access to flighty confidential, proprietary data.
* Consultants will not be provided with company-owned assets.
* Work needs to start Immediately.
* Consultants will be provided with Internal email addresses for communications.
Which of the following solutions is the BEST method lor controlling data exfiltration during this project?

Question134: Users are attempting to access a company's website but are transparently redirected to another website. The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

Question135: A system uses an application server and database server Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams).
The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goals?

Question136: When conducting a penetration test, a pivot is used to describe a scenario in which:

Question137: A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:
* The VPN must support encryption of header and payload.
* The VPN must route all traffic through the company's gateway.
Which of the following should be configured on the VPN concentrator?

Question138: A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a document on the desktop has disappeared and in its place is an odd filename with no icon image. When clicking on this icon, the user receives a system notification that it cannot find the correct program to use to open this file. Which of the following types of malware has MOST likely targeted this workstation?

Question139: The security office has had reports of increased tailgating in the datacenter. Which of the following controls should security put in place?

Question140: A security consultant is analyzing data from a recent compromise. The following data points are documented: Access to data on share drives and certain networked hosts was lost after an employee logged in to an interactive session as a privileged user.
The data was unreadable by any known commercial software.
The issue spread through the enterprise via SMB only when certain users accessed dat a. Removal instructions were not available from any major antivirus vendor.
Which of the following types of malware is this an example of?

Question141: Ann, a new employee, received an email from an unknown source indicating she needed to click on the provided link to update her company's profile. Once Ann clicked the link, a command prompt appeared with the following output:

Which of the following types of malware was executed?

Question142: A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunication company has decided to discontinue its dark fiber product and is offering an MPLS connection. Which the law office feels is too expensive. Which of the following is the BEST solution for the law office?

Question143: A company uses WPA2-PSK, and it appears there are multiple unauthorized connected to the wireless network. A technician suspects this is because the wireless passwords has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

Question144: The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

Question145: Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?

Question146: To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?

Question147: An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager?

Question148: An analyst is trying to obtain a signed certificate from a CA by pasting a public key into the CA's web request form; however it does not work and an error is generated. Which of the following does the analyst need to paste into the web request form?

Question149: Which of the following control types are alerts sent from a SIEM fulfilling based on vulnerably signatures?

Question150: A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?

Question151: A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
WAP
DHCP Server
AAA Server
Wireless Controller
LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question152: Smart home devices that ate always on or connected, such as HVAC system components, introduce SOHO networks to risks because of:

Question153: A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center.
Drag and drop the applicable controls to each asset types?
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.

Question154: A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

Question155: Which of the following provides PFS?

Question156: A user contacts the help desk about getting a newly installed application to work When searching the logging servers for the user's IP address the help desk analyst finds the following output from the host-based firewall:

Which of the following is MOST likely occurring?

Question157: Which of the following is an example of resource exhaustion?

Question158: A mobile application developer wants to secure an application that transmits sensitive information Which of the following should the developer implement to prevent SSL MITM attacks?

Question159: The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?

Question160: As a security measure, an organization has disabled all external media from accessing the network. Since some users may have data that needs to be transferred to the network, which of the following would BEST assist a security administrator with transferring the data while keeping the internal network secure?

Question161: A company needs to implement an on-premises system that allows partner organizations to exchange order and inventory data electronically with the company over the Internet. The security architect must ensure the data is protected while minimizing the overhead associated with managing individual partner connections. Which of the following should the security architect recommend?

Question162: A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach. Which of the following would allow the team to determine the scope of future incidents?

Question163: An organization wants to control user accounts and privileged access to database servers. The organization wants to create an audit trail of account requests and approvals, Out also wants to facilitate operational efficiency when account and access changes are needed. The organization has the following account management practices.
* Access requests are processed through a service ticket that requires server and system owner approval.
* Once approved, user access is granted directly to the user's privileged account
* The requests and approvals are sent to the security officer where they are retained for future audits.
* Account activity and user activity are monitored and audited monthly by the business unit.
Which of the following changes should be implemented?

Question164: A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost?

Question165: A security engineer wants to add SSL to the public web server. Which of the following would be the fiRST step to implement the SSL certificate?

Question166: Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information obtained from service banners?

Question167: An organization is updating its access control standards for SSL VPN login to include multifactor authentication The security administrator assigned to this project has been given the following guidelines to use when selecting a solution
* High security
* Lowest false acceptance rate
* Quick provisioning time for remote users and offshore consultants
Which of the following solutions will BEST fit this organization's requirements?

Question168: Exercising various programming responses for the purpose of gaining insight into a system's security posture without exploiting the system is BEST described as:

Question169: Passive reconnaissance during a penetration test consists of:

Question170: Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Question171: An attacker has obtained the user ID and password of a datacenter's backup operator and has gained access to a production system. Which of the following would be the attacker's NEXT action?

Question172: Which of the following should a technician use to protect a cellular phone that is needed for an investigation, to ensure the data will not be removed remotely?

Question173: A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices?

Question174: A company uses WPA2-PSK. and it appears there are multiple unauthorized devices connected to the wireless network A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

Question175: A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants lo ensure il does not happen again. Which of the following should the IT administrator do fiRST after recovery?

Question176: While reviewing system logs, a security analyst notices that a large number of end users are changing their passwords four times on the day the passwords are set to expire. The analyst suspects they are cycling their passwords to circumvent current password controls. Which of the following would provide a technical control to prevent this activity from occurring?

Question177: A company has users and porters in multiple geographic locations and the printers are locked in common areas of the offices. To preserve the confidentially of PII, a security administrator needs to implement the appropriate controls Which of the following would BEST meet the confidentiality requirements of the data?

Question178: An analyst is currently looking at the following output:

Which of the following security issues has been discovered based on the output?

Question179: Buffer overflow can be avoided using proper:

Question180: Which of the following is an example of the second A in the AAA model?

Question181: Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives?

Question182: Which of the following BEST describes the concept of perfect forward secrecy?

Question183: Given the following:
> md5.exe filel.txt
> ADIFAB103773DC6A1E6021B7E503A210
> md5.exe file2.txt
> ADIFAB103773DC6A1E602lB7E503A210
Which of the following concepts of cryptography is shown?

Question184: The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:



Section: Network Security

Question185: A security analyst wants to obfuscate some code and decides to use ROT13. Which of the following is an example of the text "HELLO WORLD" in ROT13?

Question186: A company has forbidden the use of external media within its headquarters location. A security analyst is working on adding additional repositories to a server in the environment when the analyst notices some odd processes running on the system. The analyst runs a command and sees the following:
Given this output, which of the following security issues has been discovered?

Question187: Given the information below:
MD5HASH document.doc 049eab40fd36caadlfab10b3cdf4a883
MD5HASH image.jpg 049eab40fd36caadlfab10b3cdf4a883
Which of the following concepts are described above? (Choose two.)

Question188: A company's MOM policy outlines the following requirements:
* Devices can be securely sanitized.
* Devices must only utilize secure Wifi.
* Devices must have biometric and PIN code setup.
The employees must also agree that all devices set up within the MDM have location services turned on. Which of the following options will address AT LEAST two of these requirements?

Question189: An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood or an incident, while the horizontal axis indicates the impact.

Which of the following is this table an example of?

Question190: A security analyst is asked to check the configuration of the company's DNS service on the server. Which of the following command line tools should the analyst use to perform the initial assessment?

Question191: Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach?

Question192: A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows:
Enforce password history: Three passwords remembered
Maximum password age?: 30 days
Minimum password age: Zero days
Complexity requirements: At least one special character, one uppercase
Minimum password length: Seven characters
Lockout duration: One day
Lockout threshold: five failed attempts in 15 minutes
Which of the following adjustments would be the MOST appropriate for the service account?

Question193: An organization's IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization's web servers. Given the organization's stated priorities, which of the following would be the NEXT step?

Question194: Which of the following is the BEST example of a reputation impact identified during a risk assessment?

Question195: A security analyst wants to prevent current employees who previously worked in different departments from accessing resources that are no longer necessary for their present job roles. Which of the following policies would meet this objective?

Question196: An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

Question197: A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites:

Which of the following is the MOST secure solution the security administrator can implement to fix this issue?

Question198: A security team has completed the installation of a new server. The OS and applications have been patched and tested, and the server is ready to be deployed. Which of the following actions should be taken before deploying the new server?

Question199: A security administrator plans to conduct a vulnerability scan on the network to determine if system applications are up to date. The administrator wants to limit disruptions to operations but not consume too many resources. Which of the following types of vulnerability scans should be conducted?

Question200: A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices.
Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

Question201: A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

Question202: A company moved into a new building next to a sugar mil. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?

Question203: A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?

Question204: A company is determining where to host a hot site, and one of the locations being considered is in another country. Which of the following should be considered when evaluating this option?

Question205: A security administrator is reviewing the following information from a file that was found on a compromised host:
cat suspiciousfile.txt
www.CompTIA.org\njohn\miloveyou\n$200\nWorking Late\nJohn\nI%20will%20be%20in% 20the%20office%20till%206pm%20to%20finish%20the%20report\n Which of the following types of malware is MOST likely installed on the compromised host?

Question206: A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites?

Question207: A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI. Which of the following configuration should the engineer choose?

Question208: A large organization has recently noticed an increase in the number of corporate mobile devices that are being lost These mobile devices are used exclusively for on-campus communication at the organization's international headquarters using the wireless network Per the organization's policy the devices should not be taken off campus The security team must find a solution that will encourage users to leave the devices on campus Which of the following is the BEST solution?

Question209: A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

Question210: Several systems and network administrators are determining how to manage access to a facility and enable managers to allow after-hours access. Which of the following access control methods should managers use to assign after-hours access to the employees?

Question211: Which of the following is MOST likely the security impact of continuing to operate end-of-life systems?

Question212: A company is deploying a wireless network. It is a requirement that client devices must use X.509 certifications to mutually authenticate before connecting to the wireless network. Which of the following protocols would be required to accomplish this?

Question213: A technician needs lo document which application versions are listening on open ports. Which of the following is MOST likely to return the information the technician needs?

Question214: An organization has the following password policies:
* Passwords must be at least 16 characters long.
* A password cannot be the same as any previous 20 passwords.
* Three failed login attempts will lock the account for five minutes.
* Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server. Which of the following is MOST likely the issue and the best solution?

Question215: A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at 'the main location. Which of the following networking concepts would BEST accomplish this'?

Question216: Which of the following models is considered an iterative approach with frequent testing?

Question217: After receiving an alert regarding an anomaly in network traffic spikes a secunty analyst discovered a web server has a web-enabled application The application was recently installed and was being used by a group of developers that shared a set of default credentials During a switch migration, the server was unintentionally plugged into a switchport that was configured for DMZ access The analysis provided evidence showing the server was being accessed from international IP addresses via the web-enabled application and used to process and print shipping labels Which of the following would prevent this from happening?

Question218: Select the appropriate attack from each drop down list to label the corresponding illustrated attack.
Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have completed the simulation, please select the Done button to submit.

Question219: During the penetration testing of an organization, the tester was provided with the names of a few key servers, along with their IP address. Which of the following is the organization conducting?

Question220: A company recently experienced a network security breach and wants to apply two-factor authentication to secure its network. Which of the following should the company use? (Select TWO)

Question221: A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief information Officer (CID) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing?

Question222: An organization has the following written policies:
Users must request approval for non-standard software installation.
Administrators will perform all software installations.
Software must be installed from a trusted repository.
A recent security audit identified crypto-currency software installed on one user's machine. There are no indications of compromise on this machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?

Question223: Which of the following will ensure the integrity of a file is preserved during the process of forensic acquisition?

Question224: A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA.
Which of the following is the BEST example of this?

Question225: An organization's research department uses workstations in an air-gapped network. A competitor released products based on files that originated in the research department. Which of the following should management do to improve the security and confidentiality of the research files?

Question226: A manufacturing company updates a policy that instructs employees not to enter a secure area in groups and requires each employee to swipe their badge to enter the area When employees continue to ignore the policy, a mantrap is installed. Which of the following BEST describe the controls that were implemented to address this issue? (Select TWO).

Question227: A technician is configuring an intrusion prevention system to improve its ability to find and stop threats In the past, the system did not detect and stop some threats Which of the following BEST describes what the technician is trying to correct with the new configuration?

Question228: A network administrator is trying to provide the most resilient hard drive configuration in a server. With five hard drives, which of the following is the MOST fault-tolerant configuration?

Question229: A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should the technician configure to enforce the use of client-side certificates?

Question230: An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?

Question231: Which of the following has a direct impact on whether a company can meet the RTO?

Question232: An analyst is reviewing the following web-server log after receiving an alert from the DLP system about multiple PII records being transmitted in cleartext:
Which of the following IP addresses is MOST likely involved in the data leakage attempt?

Question233: An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization's requirements?

Question234: An attacker is able to capture the payload for the following packet:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.166.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

Question235: Which of the following would MOST likely support the integrity of a voting machine?