EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Question2: An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Question3: Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Question4: Which of the following is a benefit of an RTO when conducting a business impact analysis?

Question5: A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Question6: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Question7: A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Question8: Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Question9: Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

Question10: An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Question11: A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Question12: A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Question13: A company's marketing department collects, modifies, and stores sensitive customer dat a. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Question14: Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Question15: Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Question16: Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Question17: Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

Question18: Which of the following is a hardware-specific vulnerability?

Question19: Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Question20: After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 -script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?

Question21: A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Question22: A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Question23: Which of the following would be the best way to test resiliency in the event of a primary power failure?

Question24: A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?

Question25: Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Question26: Which of the following is a primary security concern for a company setting up a BYOD program?

Question27: While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?

Question28: After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Question29: Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Question30: Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Question31: Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Question32: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Question33: The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

Question34: The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Question35: The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

Question36: Which of the following describes the process of concealing code or text inside a graphical image?

Question37: Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Question38: While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

Question39: A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Question40: Which of the following phases of an incident response involves generating reports?

Question41: After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Question42: An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Question43: After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Question44: During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Question45: A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Question46: A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Question47: Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Question48: An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Question49: A security administrator needs to reduce the attack surface in the company's data centers. Which of the following should the security administrator do to complete this task?

Question50: Which of the following is the best reason to complete an audit in a banking environment?

Question51: An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Question52: Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Question53: Which of the following is the primary purpose of a service that tracks log-ins and time spent using the service?

Question54: Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Question55: Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

Question56: A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

Question57: A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Question58: A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

Question59: Which of the following is die most important security concern when using legacy systems to provide production service?

Question60: A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Question61: A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Question62: A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Question63: Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Question64: A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Question65: A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Question66: Which of the following describes the maximum allowance of accepted risk?

Question67: Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

Question68: Which of the following best describe why a process would require a two-person integrity security control?

Question69: Which of the following allows a systems administrator to tune permissions for a file?

Question70: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Question71: Which of the following best describe a penetration test that resembles an actual external attach?

Question72: Which of the following security control types does an acceptable use policy best represent?

Question73: A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Question74: Which of the following topics would most likely be included within an organization's SDLC?

Question75: A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

Question76: The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?

Question77: A software developer would like to ensure. The source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

Question78: A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

Question79: During a security incident, the security operations team identified sustained network traffic from a malicious IP address:
10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Question80: A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Question81: An administrator is reviewing a single server's security logs and discovers the following; Which of the following best describes the action captured in this log file?

Question82: A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Question83: Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Question84: Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Question85: A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer dat a. Which of the following should the administrator do first?

Question86: An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Question87: An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Question88: During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?

Question89: A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

Question90: Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

Question91: Which of the following alert types is the most likely to be ignored over time?

Question92: A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Question93: A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

Question94: A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive. Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees' personal information?

Question95: A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Question96: A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

Question97: Which of the following is prevented by proper data sanitization?

Question98: Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Question99: Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Question100: A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Question101: A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Question102: A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Question103: Which of the following is the stage in an investigation when forensic images are obtained?

Question104: Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Question105: An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Question106: Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Question107: Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Question108: Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

Question109: After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Question110: Which of the following can best protect against an employee inadvertently installing malware on a company system?

Question111: An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Question112: A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

Question113: Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

Question114: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Question115: Which of the following can be used to identify potential attacker activities without affecting production servers?

Question116: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Question117: A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?

Question118: An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

Question119: Which of the following control types is AUP an example of?

Question120: An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Question121: A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

Question122: A company is changing its mobile device policy. The company has the following requirements:
Company-owned devices
Ability to harden the devices
Reduced security risk
Compatibility with company resources
Which of the following would best meet these requirements?

Question123: Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Question124: A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Question125: Which of the following is used to validate a certificate when it is presented to a user?

Question126: Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

Question127: Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Question128: Which of the following is an algorithm performed to verify that data has not been modified?

Question129: A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

Question130: An administrator is reviewing a single server's security logs and discovers the following; Which of the following best describes the action captured in this log file?

Question131: Which of the following is used to quantitatively measure the criticality of a vulnerability?

Question132: Which of the following would be best suited for constantly changing environments?

Question133: A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Question134: The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?

Question135: A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:
* An existing Internal certificate must be used.
* Wired and wireless networks must be supported
* Any unapproved device should be Isolated in a quarantine subnet
* Approved devices should be updated before accessing resources
Which of the following would best meet the requirements?

Question136: After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Question137: A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Question138: Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Question139: A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Question140: A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Question141: A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Question142: A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

Question143: Which of the following should a company use to provide proof of external network security testing?

Question144: Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Question145: A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?

Question146: A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Question147: Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers?

Question148: Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Question149: A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Question150: Which of the following should a security operations center use to improve its incident response procedure?

Question151: Which of the following is best used to detect fraud by assigning employees to different roles?

Question152: Which of the following involves an attempt to take advantage of database misconfigurations?

Question153: Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Question154: Which of the following describes the procedures a penetration tester must follow while conducting a test?

Question155: An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Question156: Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

Question157: A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

Question158: A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Question159: Which of the following scenarios describes a possible business email compromise attack?

Question160: An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Question161: Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Question162: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Question163: Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

Question164: Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Question165: Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Question166: You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.



Question167: A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Question168: A user needs to complete training at https://comptiatraining.com. After manually entering the URL, the user sees that the accessed website is noticeably different from the standard company website. Which of the following is the most likely explanation for the difference?