EMT Practice Test

1. Question Content...


Question List

Question1: The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?

Question2: The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Question3: Which of the following is used to validate a certificate when it is presented to a user?

Question4: A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Question5: An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Question6: A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Question7: A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Question8: After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

Question9: Which of the following security concepts is accomplished with the installation of a RADIUS server?

Question10: An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Question11: A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Question12: A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Question13: Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Question14: Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Question15: A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Question16: An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Question17: Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Question18: Which of the following would be best suited for constantly changing environments?

Question19: Which of the following can be used to identify potential attacker activities without affecting production servers?

Question20: A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Question21: A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Question22: A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Question23: Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Question24: After performing an assessment, an analyst wants to provide a risk rating for the findings. Which of the following concepts should most likely be considered when calculating the ratings?

Question25: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Question26: An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Question27: Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Question28: Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question29: An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message. Which of the following types of social engineering attacks occurred?

Question30: A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Question31: A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Question32: Which of the following describes the category of data that is most impacted when it is lost?

Question33: The CIRT is reviewing an incident that involved a human resources recruiter exfiltration sensitive company dat a. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

Question34: A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:
* Most secure algorithms should be selected
* All traffic should be encrypted over the VPN
* A secret password will be used to authenticate the two VPN concentrators




Question35: An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?

Question36: Which of the following describes the process of concealing code or text inside a graphical image?

Question37: A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

Question38: A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Question39: A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Question40: A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Question41: A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

Question42: A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?

Question43: A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Question44: A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

Question45: A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

Question46: Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Question47: After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Question48: An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Question49: A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?

Question50: A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

Question51: A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Question52: A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

Question53: Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Question54: A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Question55: An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Question56: After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Question57: An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

Question58: During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

Question59: An administrator is reviewing a single server's security logs and discovers the following;

Which of the following best describes the action captured in this log file?

Question60: A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

Question61: A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Question62: A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

Question63: Which of the following involves an attempt to take advantage of database misconfigurations?

Question64: A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Question65: Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?

Question66: A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Question67: After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Question68: Which of the following is a hardware-specific vulnerability?

Question69: Which of the following incident response activities ensures evidence is properly handied?

Question70: Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Question71: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?

Question72: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Question73: Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Question74: Which of the following is the most common data loss path for an air-gapped network?

Question75: Which of the following would be the best way to block unknown programs from executing?

Question76: Which of the following best describes configuring devices to log to an off-site location for possible future reference?

Question77: Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company?

Question78: A company tested and validated the effectiveness of network security appliances within the corporate network. The IDS detected a high rate of SQL injection attacks against the company's servers, and the company's perimeter firewall is at capacity. Which of the following would be the best action to maintain security and reduce the traffic to the perimeter firewall?

Question79: A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Question80: Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Question81: The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Question82: A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Question83: Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Question84: Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

Question85: A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?

Question86: After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 -script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?