EMT Practice Test

1. Question Content...


Question List

Question1: A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

Question2: Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

Question3: During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of
12 months via the internet. The penetration tester stops the test to inform the client of the findings Which of the following should be the client's NEXT step to mitigate the issue''

Question4: During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

Question5: A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement Which of the following tools if available on the server, will provide the MOST useful information for the next assessment step?

Question6: A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?

Question7: After reluming from a conference, a user's laptop has been operating slower than normal and overheating and the fans have been running constantly Dunng the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard Which of the following attack vectors was exploited to install the hardware?

Question8: An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

Question9: Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a secunty analyst for further review The security analyst reviews the following metrics:

Which of the following is MOST likely the result of the security analyst's review?

Question10: An organization has activated an incident response plan due to a malware outbreak on its network The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code Which of the following actions would be BEST to prevent reinfection from the initial infection vector?

Question11: As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

Question12: A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud.
Which of the following cloud models is being used?

Question13: A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?

Question14: Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

Question15: A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

Question16: After a recent security breach a security analyst reports that several admimstratrve usemames and passwords are being sent via cieartext across the network to access network devices over prot 23 Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configunng network devices?

Question17: While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method.
Which of the following would BEST detect a malicious actor?

Question18: During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted and the adversary is able lo maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?

Question19: A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns?

Question20: A forensics investigator is examining a number of unauthorized payments the were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href-"https://www.company.com/payto.do?routing=00001111&accc=22223334&amount-250">Click here to unsubscribe</a> Which of the following will the forensics investigator MOST likely determine has occurred?

Question21: An organization has developed an application that needs a patch to fix a critical vulnerability In which of the following environments should the patch be deployed LAST?

Question22: An organization is planning lo open other data centers to sustain operations in the event of a natural disaster.
Which of the following considerations would BEST support the organization's resiliency?

Question23: A security analyst is receiving several alerts per user and is trying to determine If various logins are malicious.
The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

Question24: The Chief information Security Officer wants to prevent exfilitration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the Best solution to implement?

Question25: A junior security analyst iss conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM have multiple logtn entnes with the following text:

Which of Ihe following is the MOST likely attack conducted on the environment?

Question26: Which of the following describes the exploitation of an interactive process to gain access to restncted areas?

Question27: During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide the information?

Question28: A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

Question29: A company wants to improve end users experiences when they tog in to a trusted partner website The company does not want the users to be issued separate credentials for the partner website Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

Question30: Which of the following would BEST provide detective and corrective controls for thermal regulation?

Question31: Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

Question32: A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity modem response team The caller asks the technician to verify the network's internal firewall IP address Which of the following 15 the technician's BEST course of action?

Question33: A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

Question34: Which of the following control Types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

Question35: Which biometric error would allow an unauthorized user to access a system?

Question36: A tax organization is working on a solution to validate the online submission of documents The solution should be earned on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?

Question37: An organization is building backup server rooms in geographically diverse locations The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room Which of the following should the systems engineer consider?

Question38: The Chief Compliance Officer from a bank has approved a background check policy for all new hires Which of the following is the policy MOST likely protecting against?

Question39: A security incident has been resolved Which of the following BEST describes the importance of the final phase of the incident response plan?

Question40: The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to Implement?

Question41: An amusement park is implementing a btomelnc system that validates customers' fingerpnnts to ensure they are not sharing tickets The park's owner values customers above all and would prefer customers' convenience over security For this reason which of the following features should the security team prioritize FIRST?

Question42: Which of the following is the MOST relevant security check to be performed before embedding third-parry libraries in developed code?

Question43: A company is implementing a DLP solution on the file server. The file server has Pll. financial information, and health information stored on it Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data Which of the following should the company do to help accomplish this goal?

Question44: An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1).
Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Select and Place:

Question45: Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

Question46: A security administrator is analyzing the corporate wireless network The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports Which of the following attacks in happening on the corporate network?

Question47: A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

Question48: Which of the following terms describes a broad range of information that is sensitive to a specific organization?

Question49: An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

Question50: A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

Question51: A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents Which of the following backup types should be used?

Question52: An IT manager is estimating the mobile device budget for the upcoming year Over the last five years, the number of devices that were replaced due to loss damage or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

Question53: The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs Which of the following is the BEST solution to meet the requirement?

Question54: Which of the following actions would be recommended to improve an incident response process?

Question55: Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

Question56: An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

Question57: After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?
A)

B)

C)

D)

Question58: While preparing a software Inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. Which of the following mitigations would BEST secure the server environment?

Question59: An incident has occurred in the production environment.
Analyze the command outputs and identify the type of compromise.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.