EMT Practice Test

1. Question Content...


Question List

Question1: An organization is implementing and deploying the SIEM with following capabilities.

What kind of SIEM deployment architecture the organization is planning to implement?

Question2: Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?

Question3: Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.

What does this event log indicate?

Question4: Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

Question5: Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

Question6: In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

Question7: Which of the following command is used to enable logging in iptables?

Question8: Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

Question9: Which of the following factors determine the choice of SIEM architecture?

Question10: Which of the following contains the performance measures, and proper project and time management details?

Question11: Which of the following Windows event is logged every time when a user tries to access the "Registry" key?

Question12: Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?

Question13: The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.
What kind of threat intelligence described above?

Question14: Which of the following process refers to the discarding of the packets at the routing level without informing the source that the data did not reach its intended recipient?

Question15: A type of threat intelligent that find out the information about the attacker by misleading them is known as
.

Question16: Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

Question17: Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.
What does this indicate?

Question18: Which of the following directory will contain logs related to printer access?

Question19: Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

Question20: Which of the following service provides phishing protection and content filtering to manage the Internet experience on and off your network with the acceptable use or compliance policies?

Question21: David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?

Question22: InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.

Question23: What is the process of monitoring and capturing all data packets passing through a given network using different tools?

Question24: Which of the following attack can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums?

Question25: John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.
Which of following Splunk query will help him to fetch related logs associated with process creation?

Question26: An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?

Question27: What does HTTPS Status code 403 represents?

Question28: Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will do to the incident escalated by Emmanuel?

Question29: Identify the HTTP status codes that represents the server error.

Question30: Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 - 11008: User 'enable_15' executed the 'configure term' command What does the security level in the above log indicates?

Question31: Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?

Question32: Which of the following Windows Event Id will help you monitors file sharing across the network?

Question33: What does Windows event ID 4740 indicate?

Question34: Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

Question35: Which of the following is a Threat Intelligence Platform?