EMT Practice Test

1. Question Content...


Question List

Question1: A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Question2: A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Question3: Which of the following risks can be mitigated by HTTP headers?

Question4: A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

Question5: A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Question6: A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulfil?

Question7: Which of the following is the best way to secure an on-site data center against intrusion from an insider?

Question8: Which of the following is the best reason to complete an audit in a banking environment?

Question9: A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

Question10: A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

Question11: An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

Question12: A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Question13: An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Question14: Which of the following describes the maximum allowance of accepted risk?

Question15: A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

Question16: Which of the following is classified as high availability in a cloud environment?

Question17: Which of the following incident response activities ensures evidence is properly handied?

Question18: Which of the following is the most common data loss path for an air-gapped network?

Question19: Which of the following penetration testing teams is focused only on trying to compromise an organization using an attacker's tactics?

Question20: Which of the following can best protect against an employee inadvertently installing malware on a company system?

Question21: A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?

Question22: While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

Question23: Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Question24: A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Question25: An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Question26: An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Question27: A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Question28: Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

Question29: Which of the following security control types does an acceptable use policy best represent?

Question30: A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.
Which of the following is most likely occurring?

Question31: A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?

Question32: A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Question33: Which of the following most impacts an administrator's ability to address CVEs discovered on a server?

Question34: A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Question35: Which of the following allows for the attribution of messages to individuals?

Question36: Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Question37: An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Question38: A technician is deploying a new security camera. Which of the following should the technician do?

Question39: Which of the following should a systems administrator set up to increase the resilience of an application by splitting the traffic between two identical sites?

Question40: Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

Question41: The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?

Question42: A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Question43: A newly identified network access vulnerability has been found in the OS of legacy IoT devices.
Which of the following would best mitigate this vulnerability quickly?

Question44: An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Question45: During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Question46: Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Question47: A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Question48: Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Question49: A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

Question50: A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Question51: A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Question52: A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Question53: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Question54: An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

Question55: Which of the following threat actors is the most likely to be motivated by profit?

Question56: A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?

Question57: Which of the following would be best suited for constantly changing environments?

Question58: A security administrator would like to protect data on employees' laptops. Which of the following encryption techniques should the security administrator use?

Question59: Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?

Question60: Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Question61: A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

Question62: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?

Question63: A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Question64: A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

Question65: Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Question66: After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Question67: An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Question68: Which of the following would be the best way to block unknown programs from executing?

Question69: A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

Question70: After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

Question71: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Question72: A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Question73: Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

Question74: A company is concerned about weather events causing damage to the server room and downtime.
Which of the following should the company consider?

Question75: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?

Question76: Which of the following security concepts is accomplished with the installation of a RADIUS server?

Question77: One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update.
Which of the following vulnerability types is being addressed by the patch?

Question78: After reviewing the following vulnerability scanning report:

A security analyst performs the following test:

Which of the following would the security analyst conclude for this reported vulnerability?

Question79: A security operations center determines that the malicious activity detected on a server is normal.
Which of the following activities describes the act of ignoring detected activity in the future?

Question80: A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

Question81: During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?

Question82: Which of the following scenarios describes a possible business email compromise attack?

Question83: An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the networks. Which of the following solutions should most likely be implemented?

Question84: A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Question85: A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Question86: A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis Which of the following types of controls is the company setting up?

Question87: A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Question88: A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

Question89: A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

Question90: An organization wants to ensure the integrity of compiled binaries in the production environment.
Which of the following security measures would best support this objective?

Question91: Which of the following exercises should an organization use to improve its incident response process?

Question92: Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Question93: A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Question94: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Question95: After a security incident, a systems administrator asks the company to buy a NAC platform.
Which of the following attack surfaces is the systems administrator trying to protect?

Question96: A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Question97: A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Question98: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Question99: Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Question100: A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?

Question101: An administrator is reviewing a single server's security logs and discovers the following;

Which of the following best describes the action captured in this log file?

Question102: Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Question103: A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Question104: An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user.
Which of the following best describes the type of attack that occurred?

Question105: An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Question106: A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Question107: Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Question108: A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

Question109: A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

Question110: Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Question111: A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Question112: Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?

Question113: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Question114: Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Question115: A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?