EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is a possible consequence of a VM escape?

Question2: Which of the following is the best reason to complete an audit in a banking environment?

Question3: Which of the following is the first step to take when creating an anomaly detection process?

Question4: An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

Question5: A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

Question6: Which of the following is the most likely to be included as an element of communication in a security awareness program?

Question7: The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

Question8: Which of the following would be the best way to handle a critical business application that is running on a legacy server?

Question9: While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

Question10: Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Question11: A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Question12: The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Question13: Which of the following security control types does an acceptable use policy best represent?

Question14: Which of the following would be the best way to block unknown programs from executing?

Question15: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Question16: After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network.
Which of the following is the most appropriate to disable?

Question17: An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Question18: A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Question19: A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Question20: Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Question21: During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Question22: Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Question23: A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Question24: A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Question25: Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

Question26: A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Question27: Which of the following is best used to detect fraud by assigning employees to different roles?

Question28: Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Question29: Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Question30: A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

Question31: A user would like to install software and features that are not available with a smartphone's default software.
Which of the following would allow the user to install unauthorized software and enable new features?

Question32: Which of the following is an example of a data protection strategy that uses tokenization?

Question33: Which of the following is the final step of the modem response process?

Question34: A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.
Which of the following would detect this behavior?

Question35: Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Question36: Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Question37: A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Question38: Which of the following allows for the attribution of messages to individuals?

Question39: An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Question40: Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

Question41: A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

Question42: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Question43: Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Question44: Which of the following threat actors would most likely deface the website of a high-profile music group?

Question45: The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

Question46: A bank set up a new server that contains customers' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Question47: An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

Question48: After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Question49: Which of the following best describe a penetration test that resembles an actual external attach?

Question50: Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

Question51: An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Question52: Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

Question53: A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Question54: A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Question55: An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

Question56: Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Question57: Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Question58: Which of the following can best protect against an employee inadvertently installing malware on a company system?

Question59: A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

Question60: An external vendor recently visited a company's headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Question61: An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Question62: A security administrator would like to protect data on employees' laptops. Which of the following encryption techniques should the security administrator use?

Question63: Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Question64: A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Question65: A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Question66: Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Question67: A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Question68: Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Question69: Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Question70: A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?

Question71: Which of the following describes the procedures a penetration tester must follow while conducting a test?

Question72: A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Question73: A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Question74: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Question75: A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Question76: A recent penetration test identified that an attacker could flood the MAC address table of network switches.
Which of the following would best mitigate this type of attack?

Question77: Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Question78: A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Question79: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Question80: An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Question81: A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Question82: Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Question83: An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas.
The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Question84: Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

Question85: Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Question86: A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager's goal?

Question87: During a security incident, the security operations team identified sustained network traffic from a malicious IP address:
10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Question88: An administrator is reviewing a single server's security logs and discovers the following;

Which of the following best describes the action captured in this log file?

Question89: Which of the following describes the process of concealing code or text inside a graphical image?

Question90: A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Question91: A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Question92: A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Question93: A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts. Which of the following access controls should the security engineer implement?

Question94: Which of the following best describe why a process would require a two-person integrity security control?

Question95: Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Question96: An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Question97: A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Question98: A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Question99: Which of the following would be the most appropriate way to protect data in transit?

Question100: An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Question101: After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Question102: Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Question103: A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Question104: Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Question105: Which of the following is used to validate a certificate when it is presented to a user?

Question106: A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Question107: A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Question108: Which of the following can be used to identify potential attacker activities without affecting production servers?

Question109: Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Question110: A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Question111: Which of the following alert types is the most likely to be ignored over time?

Question112: You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.






Question113: An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Question114: Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Question115: The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?

Question116: Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

Question117: An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Question118: A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Question119: Which of the following phases of an incident response involves generating reports?

Question120: A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.
Which of the following best describes the program the company is setting up?

Question121: A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Question122: Which of the following is used to quantitatively measure the criticality of a vulnerability?

Question123: Which of the following would be best suited for constantly changing environments?

Question124: A company requires hard drives to be securely wiped before sending decommissioned systems to recycling.
Which of the following best describes this policy?

Question125: Which of the following examples would be best mitigated by input sanitization?

Question126: A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

Question127: Which of the following would be the best way to test resiliency in the event of a primary power failure?

Question128: A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Question129: A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Question130: Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Question131: While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Question132: A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Question133: A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

Question134: Which of the following scenarios describes a possible business email compromise attack?

Question135: A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Question136: Which of the following is a primary security concern for a company setting up a BYOD program?

Question137: Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?

Question138: Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Question139: In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

Question140: Which of the following agreement types defines the time frame in which a vendor needs to respond?

Question141: Which of the following allows a systems administrator to tune permissions for a file?

Question142: An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Question143: Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Question144: A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Question145: Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers?

Question146: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

Question147: A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months.
Which of the following most likely occurred?

Question148: A company is changing its mobile device policy. The company has the following requirements:
Company-owned devices
Ability to harden the devices
Reduced security risk
Compatibility with company resources
Which of the following would best meet these requirements?

Question149: Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

Question150: Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Question151: Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Question152: Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?