EMT Practice Test

1. Question Content...


Question List

Question1: A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?

Question2: Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question3: A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Question4: An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

Question5: Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Question6: A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Question7: Which of the following is a feature of a next-generation SIEM system?

Question8: Which of the following is used to quantitatively measure the criticality of a vulnerability?

Question9: Which of the following should a security operations center use to improve its incident response procedure?

Question10: Which of the following data states applies to data that is being actively processed by a database server?

Question11: A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?

Question12: Which of the following topics would most likely be included within an organization's SDLC?

Question13: During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Question14: An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Question15: Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Question16: Which of the following definitions best describes the concept of log co-relation?

Question17: An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

Question18: Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Question19: A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

Question20: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Question21: Which of the following would most likely be used by attackers to perform credential harvesting?

Question22: A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Question23: A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Question24: The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

Question25: A systems administrator is concerned about vulnerabilities within cloud computing instances Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

Question26: Which of the following best describe a penetration test that resembles an actual external attach?

Question27: Which of the following allows an exploit to go undetected by the operating system?

Question28: A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Question29: Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

Question30: A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Question31: A security administrator observed the following in a web server log while investigating an incident:
Which of the following attacks did the security administrator most likely see?

Question32: After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 -script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?

Question33: Which of the following would be the most appropriate way to protect data in transit?

Question34: In which of the following scenarios is tokenization the best privacy technique 10 use?

Question35: Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

Question36: Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Question37: An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Question38: Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Question39: Which of the following is the most common data loss path for an air-gapped network?

Question40: A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Question41: A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Question42: An employee used a company's billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Question43: A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Question44: Which of the following incident response activities ensures evidence is properly handied?

Question45: A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Question46: A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Question47: A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Question48: The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Question49: Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Question50: Which of the following security measures is required when using a cloud-based platform for loT management?

Question51: Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Question52: A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Question53: Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

Question54: A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Question55: A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Question56: A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

Question57: A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

Question58: An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

Question59: Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

Question60: Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Question61: Which of the following methods would most likely be used to identify legacy systems?

Question62: Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

Question63: A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Question64: A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Question65: An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

Question66: A security analyst is reviewing logs and discovers the following:
Which of the following should be used lo best mitigate this type of attack?

Question67: Which of the following is a preventive physical security control?

Question68: An enterprise security team is researching a new security architecture to better protect the company's networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

Question69: A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Question70: A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive. Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees' personal information?

Question71: During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Question72: A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:
* An existing Internal certificate must be used.
* Wired and wireless networks must be supported
* Any unapproved device should be Isolated in a quarantine subnet
* Approved devices should be updated before accessing resources
Which of the following would best meet the requirements?

Question73: An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Question74: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Question75: A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup dat a. Which of the following should the company consider?

Question76: A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Question77: Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

Question78: An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Question79: Which of the following would be best suited for constantly changing environments?

Question80: An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Question81: An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Question82: A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

Question83: During a security incident, the security operations team identified sustained network traffic from a malicious IP address:
10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Question84: An employee who was working remotely lost a mobile device containing company dat a. Which of the following provides the best solution to prevent future data loss?

Question85: A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?

Question86: Which of the following activities is the first stage in the incident response process?

Question87: An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:
* Must work across SaaS and internal network applications
* Must be device manufacturer agnostic
* Must have offline capabilities
Which of the following would be the most appropriate authentication method?

Question88: Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Question89: A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Question90: During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?

Question91: Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

Question92: While reviewing logs, a security administrator identifies the following code:
<script>function(send_info)</script>
Which of the following best describes the vulnerability being exploited?

Question93: Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Question94: Which of the following control types is AUP an example of?

Question95: A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Question96: A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?

Question97: A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Question98: Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Question99: Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

Question100: Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Question101: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

Question102: Which of the following is the first step to take when creating an anomaly detection process?

Question103: Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?

Question104: Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Question105: An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Question106: An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server's password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?

Question107: While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

Question108: A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers Which of the following solutions is the organization most likely to employ to further increase performance and availability?

Question109: Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

Question110: An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Question111: After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Question112: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Question113: An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Question114: A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

Question115: Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Question116: A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Question117: A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

Question118: A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager's goal?

Question119: Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Question120: A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

Question121: Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Question122: An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Question123: Which of the following can best protect against an employee inadvertently installing malware on a company system?

Question124: A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Question125: Which of the following involves an attempt to take advantage of database misconfigurations?

Question126: Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Question127: A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Question128: An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Question129: Which of the following is the best way to securely store an encryption key for a data set in a manner that allows multiple entities to access the key when needed?

Question130: Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

Question131: A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

Question132: Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Question133: An unexpected and out-of-character email message from a Chief Executive Officer's corporate account asked an employee to provide financial information and to change the recipient's contact number. Which of the following attack vectors is most likely being used?

Question134: A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?

Question135: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user's activity?

Question136: While investigating a possible incident, a security analyst discovers the following log entries:
67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q-wireless%20headphones / HTTP/1.0" 200 12737
132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935
12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I HTTP/1.0" 200 14650 Which of the following should the analyst do first?

Question137: Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

Question138: Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Question139: Which of the following is the main consideration when a legacy system that is a critical part of a company's infrastructure cannot be replaced?

Question140: Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

Question141: A company is in the process of migrating to cloud-based services. The company's IT department has limited resources for migration and ongoing support. Which of the following best meets the company's needs?

Question142: Which of the following exercises should an organization use to improve its incident response process?

Question143: Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Question144: One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Question145: A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?

Question146: During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?

Question147: A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

Question148: An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Question149: A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Question150: A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Question151: An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

Question152: Which of the following provides the details about the terms of a test with a third-party penetration tester?

Question153: Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

Question154: A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Question155: Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Question156: A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Question157: Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

Question158: A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Question159: Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

Question160: Which of the following architectures is most suitable to provide redundancy for critical business processes?

Question161: The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

Question162: An external vendor recently visited a company's headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Question163: Which of the following is the most relevant reason a DPO would develop a data inventory?

Question164: You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.



Question165: A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

Question166: A systems administrator receives an alert that a company's internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:
Which of the following indicators most likely triggered this alert?

Question167: After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Question168: An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Question169: Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Question170: Which of the following is a benefit of vendor diversity?

Question171: After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Question172: During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Question173: A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

Question174: An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Question175: An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Question176: Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Question177: When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

Question178: A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?

Question179: The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

Question180: Which of the following tasks is typically included in the BIA process?

Question181: A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Question182: Which of the following is the stage in an investigation when forensic images are obtained?

Question183: Which of the following is die most important security concern when using legacy systems to provide production service?

Question184: Which of the following types of identification methods can be performed on a deployed application during runtime?