EMT Practice Test

1. Question Content...


Question List

Question1: John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?

Question2: What is the process of monitoring and capturing all data packets passing through a given network using different tools?

Question3: What does HTTPS Status code 403 represents?

Question4: Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?

Question5: Which of the following directory will contain logs related to printer access?

Question6: An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?

Question7: Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?

Question8: Shawn is a security manager working at Lee Inc Solution. His organization wants to develop threat intelligent strategy plan. As a part of threat intelligent strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.
Which one of the following components he should include in the above threat intelligent strategy plan to make it effective?

Question9: An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company's URL as follows:
http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.

Question10: Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.
What among the following should Wesley avoid from considering?

Question11: Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

Question12: Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

Question13: Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the planned incident response capabilities.
What is he looking for?

Question14: Which of the following data source will a SOC Analyst use to monitor connections to the insecure ports?

Question15: Which of the following framework describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?

Question16: Which of the following Windows features is used to enable Security Auditing in Windows?

Question17: Identify the type of attack, an attacker is attempting on www.example.com website.

Question18: Which of the following technique protects from flooding attacks originated from the valid prefixes (IP addresses) so that they can be traced to its true source?

Question19: Which of the following are the responsibilities of SIEM Agents?
1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

Question20: Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will do to the incident escalated by Emmanuel?

Question21: Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?

Question22: An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original
URL: http://www.buyonline.com/product.aspx?profile=12
&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12
&debit=10
Identify the attack depicted in the above scenario.

Question23: Which of the following service provides phishing protection and content filtering to manage the Internet experience on and off your network with the acceptable use or compliance policies?

Question24: Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.
What does these TTPs refer to?

Question25: Which of the following Windows event is logged every time when a user tries to access the "Registry" key?

Question26: Identify the HTTP status codes that represents the server error.

Question27: Which of the following Windows Event Id will help you monitors file sharing across the network?

Question28: Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?

Question29: Which of the following attack can be eradicated by filtering improper XML syntax?

Question30: What is the correct sequence of SOC Workflow?

Question31: Which of the following is a default directory in a Mac OS X that stores security-related logs?

Question32: Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

Question33: According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

Question34: Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

Question35: Which of the following tool is used to recover from web application incident?