EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?

Question2: John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.
Which of the following data source will he use to prepare the dashboard?

Question3: Which of the following is a Threat Intelligence Platform?

Question4: Which of the following tool is used to recover from web application incident?

Question5: Identify the HTTP status codes that represents the server error.

Question6: According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

Question7: Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?

Question8: Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future problem.

Question9: If the SIEM generates the following four alerts at the same time:
I.Firewall blocking traffic from getting into the network alerts
II.SQL injection attempt alerts
III.Data deletion attempt alerts
IV.Brute-force attempt alerts
Which alert should be given least priority as per effective alert triaging?

Question10: Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/ wtmp.
What Chloe is looking at?

Question11: Which of the following can help you eliminate the burden of investigating false positives?

Question12: Which of the following framework describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?

Question13: In which phase of Lockheed Martin's - Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?

Question14: Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

Question15: Which of the following Windows event is logged every time when a user tries to access the "Registry" key?

Question16: Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.
What does these TTPs refer to?

Question17: Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

Question18: Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

Question19: Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?

Question20: Which of the following formula is used to calculate the EPS of the organization?

Question21: Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 - 11008: User 'enable_15' executed the 'configure term' command What does the security level in the above log indicates?

Question22: What type of event is recorded when an application driver loads successfully in Windows?

Question23: Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage in which he is currently in.

Question24: Which of the following formula represents the risk?

Question25: Which of the following command is used to enable logging in iptables?

Question26: A type of threat intelligent that find out the information about the attacker by misleading them is known as
.

Question27: Which of the following is a default directory in a Mac OS X that stores security-related logs?

Question28: In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

Question29: Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

Question30: Which of the following are the responsibilities of SIEM Agents?
1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

Question31: Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.
What among the following should Wesley avoid from considering?

Question32: John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat room, and so on, and created a report that contains malicious activity.
Which of the following types of threat intelligence did he use?