EMT Practice Test

1. Question Content...


Question List

Question1: A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

Question2: Which of the following will increase cryptographic security?

Question3: A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

Question4: A security analyst is designing the appropnate controls to limit unauthorized access to a physical site The analyst has a directive to utilize the lowest possible budget Which of the following would BEST meet the requirements?

Question5: A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

Question6: A technician enables full disk encryption on a laptop that will be taken on a business tnp. Which of the following does this process BEST protect?

Question7: As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

Question8: To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive dat a. Which of the following cloud services would BEST accommodate the request?

Question9: A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials Which of the following controls was being violated?

Question10: An organization is building backup server rooms in geographically diverse locations The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room Which of the following should the systems engineer consider?

Question11: Which of the following terms describes a broad range of information that is sensitive to a specific organization?

Question12: Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

Question13: An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

Question14: Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?

Question15: Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a secunty analyst for further review The security analyst reviews the following metrics:

Which of the following is MOST likely the result of the security analyst's review?

Question16: A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment Which of the following is an immediate consequence of these integrations?

Question17: An organization has hired a ted team to simulate attacks on its security posture Which of the following will the blue team do after detecting an loC?

Question18: Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

Question19: The Chief Information Secunty Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

Question20: Which of the following is an example of transference of risk?

Question21: A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data toss?

Question22: Which of the following is the MOST relevant security check to be performed before embedding third-parry libraries in developed code?

Question23: Which of the following is a benefit of including a risk management framework into an organization's security approach?

Question24: A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

Question25: Which of the following is the MOST effective control against zero-day vulnerabilities?

Question26: An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps Which of the following control types has the organization implemented?

Question27: During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

Question28: A software company adopted the following processes before releasing software to production;
* Peer review
* Static code scanning
* Signing
A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

Question29: A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

Question30: A security engineer is deploying a new wireless for a company. The company shares office space with multiple tenants. Which of the following should the engineer configured on the wireless network to ensure that confidential data is not exposed to unauthorized users?

Question31: Which of the following control types is focused primarily on reducing risk before an incident occurs?

Question32: Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments though a single firewall?

Question33: An organization maintains several environments in which patches are developed and tested before deployed to an operation status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

Question34: Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

Question35: Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question36: A junior security analyst iss conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM have multiple logtn entnes with the following text:

Which of Ihe following is the MOST likely attack conducted on the environment?

Question37: DRAG DROP
An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1).
Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question38: During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings Which of the following should be the client's NEXT step to mitigate the issue''

Question39: Several attempts have been made lo pick the door lock of a secure facility As a result the security engineer has been assigned to implement a stronger preventative access control Which of the following would BEST complete the engineer's assignment?

Question40: A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity modem response team The caller asks the technician to verify the network's internal firewall IP address Which of the following 15 the technician's BEST course of action?

Question41: Which of the following would detect intrusions at the perimeter of an airport?

Question42: A security analyst is receiving several alerts per user and is trying to determine If various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

Question43: A security analyst wants to fingerpnnt a web server Which of the following tools will the security analyst MOST likely use to accomplish this task?

Question44: Field workers in an organization are issued mobile phones on a daily basis All the work is performed within one city and the mobile phones are not used for any purpose other than work The organization does not want these pnones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the pnones do not need to be reissued every day Qven the conditions described, which of the following technologies would BEST meet these requirements'

Question45: A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution In order to reslnct PHI documents which of the following should be performed FIRST?

Question46: Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

Question47: An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

Question48: An organization is planning lo open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?

Question49: Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities After further investigation, a security analyst notices the following
* All users share workstations throughout the day
* Endpoint protection was disabled on several workstations throughout the network.
* Travel times on logins from the affected users are impossible
* Sensitive data is being uploaded to external sites
* All usee account passwords were forced lo be reset and the issue continued Which of the following attacks is being used to compromise the user accounts?

Question50: While preparing a software Inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. Which of the following mitigations would BEST secure the server environment?

Question51: After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

Question52: A company wants to improve end users experiences when they tog in to a trusted partner website The company does not want the users to be issued separate credentials for the partner website Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

Question53: A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity modem response team The caller asks the technician to verify the network's internal firewall IP address Which of the following 15 the technician's BEST course of action?

Question54: Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to connect network traffic between workstation throughout the network. The analysts review the following logs:

The layer 2 address table has hundred of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

Question55: A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

Question56: An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

Question57: An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup but every time the Chief Financial Officer logs in to the file server, the same files are deleted again No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

Question58: An analyst receives multiple alerts for beaconing activity for a host on the network, After analyzing the activity, the analyst observes the following activity:
* A user enters comptia.org into a web browser.
* The website that appears is not the comptia.org site.
* The website is a malicious site from the attacker.
* Users in a different office are not having this issue.
Which of the following types of attacks was observed?

Question59: A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Question60: While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

Question61: An employee received a word processing file that was delivered as an email attachment The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

Question62: A company is considering transitioning to the cloud. The company employs individuals from various locations around the world The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?

Question63: An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

Question64: A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field. Which of the following concepts does this message describe?

Question65: A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find requested servers?

Question66: A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?

Question67: Which of the following describes the exploitation of an interactive process to gain access to restncted areas?

Question68: Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Question69: A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

Which of the following is MOST likely occurring?

Question70: After reluming from a conference, a user's laptop has been operating slower than normal and overheating and the fans have been running constantly Dunng the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard Which of the following attack vectors was exploited to install the hardware?

Question71: After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

Question72: During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?