EMT Practice Test

1. Question Content...


Question List

Question1: Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company dat a. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Question2: Which of the following is the best reason to complete an audit in a banking environment?

Question3: Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Question4: Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Question5: Which of the following would be best suited for constantly changing environments?

Question6: Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Question7: A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Question8: A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Question9: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Question10: A systems administrator is working on a solution with the following requirements:
* Provide a secure zone.
* Enforce a company-wide access control policy.
* Reduce the scope of threats.
Which of the following is the systems administrator setting up?

Question11: Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Question12: A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager's goal?

Question13: A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Question14: Which of the following enables the use of an input field to run commands that can view or manipulate data?

Question15: A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Question16: Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Question17: An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Question18: An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Question19: Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Question20: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Question21: A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?

Question22: A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Question23: After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Question24: After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Question25: Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Question26: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Question27: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Question28: A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

Question29: A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Question30: A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

Question31: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?

Question32: A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Question33: Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Question34: A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Question35: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

Question36: Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Question37: A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Question38: Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question39: The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?

Question40: An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message. Which of the following types of social engineering attacks occurred?

Question41: After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Question42: Which of the following describes the maximum allowance of accepted risk?

Question43: While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

Question44: A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Question45: Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Question46: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Question47: Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Question48: Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Question49: Which of the following is a hardware-specific vulnerability?

Question50: A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Question51: A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Question52: Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

Question53: Which of the following incident response activities ensures evidence is properly handied?

Question54: Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Question55: You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.






Question56: An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Question57: An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Question58: An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Question59: An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Question60: A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Question61: A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Question62: Which of the following describes the process of concealing code or text inside a graphical image?

Question63: A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Question64: A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

Question65: A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Question66: Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Question67: Which of the following involves an attempt to take advantage of database misconfigurations?

Question68: Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Question69: A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Question70: After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Question71: A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Question72: An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Question73: A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?