EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?

Question2: Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

Question3: Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

Question4: What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

Question5: Which of these is capable of searching for and locating rogue access points?

Question6: You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?

Question7: Which of the following statements is TRUE?

Question8: You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

Question9: Which of the following provides a security professional with most information about the system's security posture?

Question10: Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.
What is the main theme of the sub-policies for Information Technologies?

Question11: If you want only to scan fewer ports than the default scan using Nmap tool, which option would you use?

Question12: Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

Question13: Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Question14: When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Question15: What is not a PCI compliance recommendation?

Question16: You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?

Question17: Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

Question18: A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

Question19: In Risk Management, how is the term "likelihood" related to the concept of "threat?"

Question20: What is the least important information when you analyze a public IP address in a security alert?

Question21: In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Question22: You are the Network Admin, and you get a compliant that some of the websites are no longer accessible.
You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.
What may be the problem?

Question23: Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?

Question24: What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Question25: The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

Question26: What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

Question27: Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.
What should Bob recommend to deal with such a threat?

Question28: Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Question29: To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

Question30: What is attempting an injection attack on a web server based on responses to True/False questions called?

Question31: Which protocol is used for setting up secure channels between two devices, typically in VPNs?

Question32: Code injection is a form of attack in which a malicious user:

Question33: You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

Question34: Which of the following Secure Hashing Algorithm (SHA) produces a 160-bit digest from a message with a maximum length of (264-1) bits and resembles the MD5 algorithm?

Question35: Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer's activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?

Question36: On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?

Question37: Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.

Question38: The collection of potentially actionable, overt, and publicly available information is known as

Question39: The following is part of a log file taken from the machine on the network with the IP address of
192.168.0.110:

What type of activity has been logged?

Question40: Which of the following will perform an Xmas scan using NMAP?

Question41: Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library?
This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

Question42: A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

Question43: What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Question44: If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which tool could the tester use to get a response from a host using TCP?

Question45: An attacker scans a host with the below command. Which three flags are set? (Choose three.)
#nmap -sX host.domain.com

Question46: Why should the security analyst disable/remove unnecessary ISAPI filters?

Question47: A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the
192.168.1.0/24. Which of the following has occurred?

Question48: Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

Question49: Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

Question50: A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

Question51: What would you enter, if you wanted to perform a stealth scan using Nmap?

Question52: An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines.
Which one of the following tools the hacker probably used to inject HTML code?

Question53: Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Question54: Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

Question55: From the following table, identify the wrong answer in terms of Range (ft).

Question56: Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve's approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the door.
In this case, we can say:

Question57: You are monitoring the network of your organizations. You notice that:
There are huge outbound connections from your Internal Network to External IPs

On further investigation, you see that the external IPs are blacklisted

Some connections are accepted, and some are dropped

You find that it is a CnC communication

Which of the following solution will you suggest?

Question58: This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Which of the following tools is being described?

Question59: Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?

Question60: This asymmetry cipher is based on factoring the product of two large prime numbers.
What cipher is described above?

Question61: Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Question62: In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

Question63: During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?

Question64: Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

Question65: Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are requested to accept the offer and you oblige.
After 2 days, Bob denies that he had ever sent a mail.
What do you want to "know" to prove yourself that it was Bob who had send a mail?