EMT Practice Test

1. Question Content...


Question List

Question1: A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

Question2: A security analyst has received an alert about being sent via email. The analyst's Chief information Security Officer (CISO) has made it clear that PII must be handle with extreme care From which of the following did the alert MOST likely originate?

Question3:

Question4: Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:
* There must be visibility into how teams are using cloud-based services.
* The company must be able to identify when data related to payment cards is being sent to the cloud.
* Data must be available regardless of the end user's geographic location
* Administrators need a single pane-of-glass view into traffic and trends.
Which of the following should the security analyst recommend?

Question5: A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

Question6:

Question7: A security analyst is performing a forensic investigation compromisedaccount credentials. Using the Event Viewer, the analyst able to detect the following message, ''Special privileges assigned to new login.'' Several of these messages did not have a valid logon associated with the user before these privileges were assigned.
Which of the following attacks is MOST likely being detected?

Question8:

Question9: A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
* www.company.com (main website)
* contactus.company.com (for locating a nearby location)
* quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?

Question10:

Question11:

Question12:

Question13:

Question14:

Question15: Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Question16: An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system wouldbe available again within
60 minutes Which of the following is the 60-minute expectation an example of:

Question17: A symmetric encryption algorithm Is BEST suited for:

Question18:

Question19: A security administrator needs to create a RAIS configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the following RAID configurations should the administration use?

Question20:

Question21:

Question22: A cybersecurity administrator is usingiptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

Question23: In which ofthe following situations would it be BEST to use a detective control type for mitigation?

Question24:

Question25: An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?

Question26:

Question27:

Question28: An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?

Question29: Which of the following relets to applications and systems that are used within an organization without consent or approval?

Question30: An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

Question31:

Question32: A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend?

Question33: A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

Question34: Which of the following ISO standards is certified for privacy?

Question35: A malicious actor recently penetration a company's network and movedlaterally to the datacenter. Upon investigation, a forensics firm wants to know was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

Question36:

Question37:

Question38: A large enterprise has moved all Hs data to the cloud behind strong authentication andencryption A sales director recently had a laptop stolen and later, enterprise data was round to have been compromised database.
Which of the following was the MOST likely cause?

Question39: A security analyst discovers that a company username and password database was posted on aninternet forum.
The username and passwords are stored in plan text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Question40:

Question41:

Question42: When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

Question43:

Question44: A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review?

Question45: An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139.
Which of the following sources should the analyst review to BEST ascertain how the Incident could have been prevented?

Question46:

Question47: The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of thefollowing BEST represents this type of threat?

Question48: A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better.

Question49:

Question50: A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST toprovide security, manageability, and visibility into the platforms?

Question51: A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?

Question52: Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

Question53: A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

Question54: Which of the following algorithms has the SMALLEST key size?

Question55:

Question56:

Question57: Which of the following will MOST likelycause machine learning and Al-enabled systems to operate with unintended consequences?

Question58:

Question59: Select the appropriate attack andremediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, pleaseclick the Reset All button.

Question60: An organization's help desk is flooded with phone calls from usersstating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

Question61:

Question62: A network administrator would like to configure a site-to-site VPN utilizing iPSec. The administrator wants the tunnel to be established with data integrity encryption, authentication and anti- replay functions Which of the following should the administrator use when configuring the VPN?

Question63: A security analyst is reviewing the output of a web server logand notices a particular account is attempting to transfer large amounts of money:

Which of the following types of attack is MOST likely being conducted?

Question64: A network administrator has been asked to install an IDS to improve the security posture of an organization.
Which of the following control types is an IDS?

Question65:

Question66:

Question67: A remote user recently took atwo-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN?

Question68: After entering a username and password, and administrator must gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

Question69: Which of the following incident response steps involvesactions to protect critical systems while maintaining business operations?

Question70: Which of the following describes the BEST approach for deploying application patches?

Question71:

Question72:

Question73:

Question74:

Question75:

Question76: The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company's Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?

Question77: The SOC is reviewing process and procedures after a recent incident. The review indicates it took more than
30 minutes to determine that quarantining an infected host was the best course of action. Theallowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

Question78:

Question79: Which of the following types of controls is a turnstile?

Question80: A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable toconnect to network drives. The issues appear to increase when laptop users return desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gainaccess to them. Which of the following is the MOST likely cause of this issue?

Question81: Anorganization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfer the pcap back to the machine for analysis. Which of the following tools should the analyst use tofurther review the pcap?

Question82: To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models wouldBEST meet the needs of the organization?

Question83: A security analyst has been asked to investigate a situation after the SOC started to receive alerts from theSIEM. The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following output:

Based on the analyst's findings, which of thefollowing attacks is being executed?

Question84:

Question85: Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in earlydiscussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

Question86:

Question87: A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand beforewriting the policies?

Question88:

Question89: