EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following scenarios describes a possible business email compromise attack?

Question2: An administrator is Investigating an incident and discovers several users' computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

Question3: The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Question4: A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Question5: Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Question6: A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.
Which of the following types of controls is the company setting up?

Question7: Which of the following security concepts is accomplished with the installation of a RADIUS server?

Question8: A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

Question9: A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?

Question10: A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Question11: An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system.
Which of the following best describes the actions taken by the organization?

Question12: A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Question13: After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Question14: An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Question15: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Question16: Which of the following can best protect against an employee inadvertently installing malware on a company system?

Question17: Which of the following agreement types defines the time frame in which a vendor needs to respond?

Question18: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Question19: Which of the following is a hardware-specific vulnerability?

Question20: A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Question21: You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Question22: A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

Question23: Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

Question24: After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Question25: A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Question26: Which of the following data roles is responsible for identifying risks and appropriate access to data?

Question27: An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Question28: Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Question29: After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Question30: A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Question31: Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Question32: Which of the following best describe a penetration test that resembles an actual external attach?

Question33: An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

Question34: An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

Question35: A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Question36: An employee in the accounting department receives an email containing a demand for payment tot services performed by a vendor However, the vendor is not in the vendor management database. Which of the following in this scenario an example of?

Question37: A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Question38: Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?

Question39: An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Question40: Which of the following is a primary security concern for a company setting up a BYOD program?

Question41: Which of the following is used to quantitatively measure the criticality of a vulnerability?

Question42: A security analyst reviews domain activity logs and notices the following:
Which of the following is the best explanation for what the security analyst has discovered?

Question43: After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

Question44: A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Question45: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

Question46: A systems administrator wants to prevent users from being able to access data based on their responsibilities.
The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Question47: An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Question48: A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager's goal?

Question49: Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Question50: An organization's internet-facing website was compromised when an attacker exploited a buffer overflow.
Which of the following should the organization deploy to best protect against similar attacks in the future?

Question51: A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Question52: While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

Question53: An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas.
The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Question54: department is not using the company VPN when accessing various company-related services and systems.
Which of the following scenarios describes this activity?

Question55: Which of the following would be best suited for constantly changing environments?

Question56: A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Question57: A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Question58: A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

Question59: The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Question60: An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Question61: The CIRT is reviewing an incident that involved a human resources recruiter exfiltration sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

Question62: A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?

Question63: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?

Question64: An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Question65: A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Question66: Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Question67: Which of the following exercises should an organization use to improve its incident response process?

Question68: An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Question69: A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Question70: A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Question71: A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Question72: A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Question73: Which of the following is used to validate a certificate when it is presented to a user?

Question74: Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Question75: A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Question76: Which of the following most impacts an administrator's ability to address CVEs discovered on a server?

Question77: A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

Question78: Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?

Question79: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Question80: Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Question81: A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

Question82: Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

Question83: The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?

Question84: During a security incident, the security operations team identified sustained network traffic from a malicious IP address:
10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Question85: A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Question86: Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Question87: An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Question88: Which of the following tasks is typically included in the BIA process?

Question89: A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Question90: Which of the following allows for the attribution of messages to individuals?

Question91: Which of the following is the most common data loss path for an air-gapped network?

Question92: A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Question93: Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Question94: Which of the following is the most likely to be included as an element of communication in a security awareness program?

Question95: An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Question96: A company requires hard drives to be securely wiped before sending decommissioned systems to recycling.
Which of the following best describes this policy?

Question97: The application development teams have been asked to answer the following questions:
* Does this application receive patches from an external source?
* Does this application contain open-source code?
* is this application accessible by external users?
* Does this application meet the corporate password standard?
Which of the following are these questions port of?

Question98: A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

Question99: A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Question100: A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data.
Which of the following should the administrator do first?

Question101: A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Question102: Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

Question103: An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Question104: Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Question105: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Question106: An organization is required to maintain financial data records for three years and customer data for five years.
Which of the following data management policies should the organization implement?

Question107: A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Question108: Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Question109: Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

Question110: A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Question111: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Question112: A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum. Which of the following would be best for the systems administrator to implement?

Question113: After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Question114: Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Question115: A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Question116: A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.
Which of the following best describes the program the company is setting up?

Question117: Sine a recent upgrade (o a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

Question118: An administrator is reviewing a single server's security logs and discovers the following; Which of the following best describes the action captured in this log file?

Question119: During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Question120: Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

Question121: A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?