EMT Practice Test

1. Question Content...


Question List

Question1: Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?

Question2: Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate?

Question3: Which of the following policies is related to the backup of data?

Question4: You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number of invalid logon attempts allowed before a user account is locked out. What will you do to accomplish the task?

Question5: You work as a senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management, you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items?

Question6: Which of the following backup sites takes the longest recovery time?

Question7: You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of the lack of space, casting is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

Question8: Which of the following RAID levels provides fault tolerance?

Question9: Which of the following ensures that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

Question10: Which of the following should the administrator ensure during the test of a disaster recovery plan?

Question11: A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

Question12: John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question13: Which of the following types of agreement can be a legally binding formal or informal "contract"?

Question14: SIMULATION
Fill in the blank:
An ___________________ (AS) is a group of networks under a single administration and with single routing policies.

Question15: Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis.
Which of the following is the correct order for searching data on a Windows based system?

Question16: Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of- service attacks, or unauthorized changes to system hardware, software, or data?

Question17: Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Question18: Which of the following statements about a certification authority (CA) is true?

Question19: An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Question20: Which of the following parts of BS 7799 covers risk analysis and management?

Question21: Which of the following backup sites is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data?

Question22: Which of the following is the simulation of the disaster recovery plans?

Question23: Which of the following statements is related to residual risks?

Question24: Which of the following processes identifies the threats that can impact the business continuity of operations?

Question25: Which of the following subphases are defined in the maintenance phase of the life cycle models?
Each correct answer represents a part of the solution. Choose all that apply.

Question26: Which of the following are common applications that help in replicating and protecting critical information at the time of disaster?
Each correct answer represents a complete solution. Choose all that apply.

Question27: Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?
Each correct answer represents a part of the solution. Choose all that apply.

Question28: Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network?

Question29: Joseph is a merchant. He lives in an area that is prone to natural disasters. What will he do to save his data from a disaster?

Question30: Which of the following are some of the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

Question31: The Incident handling process implemented in an enterprise is responsible to deal with all the incidents regarding the enterprise. Which of the following procedures will be involved by the preparation phase of the Incident handling process?

Question32: Which of the following BCP teams assesses the damage of the disaster in order to provide the estimate of the time required to recover?

Question33: You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?

Question34: Which of the following governance bodies provides management, operational, and technical controls to satisfy the security requirements?

Question35: Which of the following types of control gives an instance of the audit log?

Question36: Which of the following procedures can be broadly defined as the plan for the exchange of information before, during, or after a crisis event?

Question37: Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system. Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime.
Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?

Question38: Which of the following types of controls focuses on stopping a security breach from taking place in the first place?

Question39: SIMULATION
Fill in the blank:
A ______ plan is a plan devised for a specific situation when things could go wrong.

Question40: Organizations must assess the safety of their workplaces and consider the ability of a business to continue despite risk impact. When assessing business continuity risks, the HR Professional must consider several different types of disasters, their probability, and impact on an organization. What category of disaster is best described as acts of terrorism, major thefts, sabotage, or labor disputes?

Question41: Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Question42: Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

Question43: SIMULATION
Fill in the blank with an appropriate phrase.
The ___________ is concerned with rebuilding production processing and determining the criticality of data.

Question44: Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives?
System and data are validated.
System meets all user requirements.
System meets all control requirements.

Question45: SIMULATION
Fill in the blank with the appropriate phrase.
__________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources.

Question46: Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing?

Question47: Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?

Question48: Which of the following processes helps the business units to understand the impact of a disruptive event?

Question49: Which of the following workforces works to handle the incidents in an enterprise?

Question50: Which of the following options is an intellectual property right to protect inventions?

Question51: You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability?
Each correct answer represents a part of the solution. Choose three.

Question52: Which of the following tests activates the total disaster recovery plan?

Question53: Which of the following processes hides one set of IP addresses used for internal traffic only while exposing a second set of addresses to external traffic?

Question54: BS 7799 is an internationally recognized ISM standard that provides high level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799?
Each correct answer represents a complete solution. Choose all that apply.

Question55: Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts?

Question56: Which of the following measurements of a disaster recovery plan are aimed at detecting unwanted events?

Question57: DRAG DROP
Disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of disaster recovery plan.
Select and Place:

Question58: Which of the following defines the communication link between a Web server and Web applications?

Question59: Which of the following is a category of an automated Incident detection process?

Question60: Which of the following sets of incident response practices is recommended by the CERT/CC?

Question61: Which of the following disaster recovery tests includes the operations that shut down at the primary site, and are shifted to the recovery site according to the disaster recovery plan?

Question62: Which of the following backup sites is the best way for rapid recovery if you do not need the full recovery temporarily?

Question63: Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan?

Question64: Which of the following command line tools are available in Helix Live acquisition tool on Windows?
Each correct answer represents a complete solution. Choose all that apply.

Question65: SIMULATION
Fill the appropriate power supply form factor in the blank space.
_________ form factor is similar to LPX form factor in physical dimensions.

Question66: Which of the following tests ensures that the organization complies with the requirements of the disaster recovery plan?

Question67: Which of the following BCP teams deals with the key decision making and guides recovery teams and business personnel?

Question68: You are analyzing accounting information of a company. Which of the following components of configuration management should you use that involves periodic checks to determine the consistency and completeness of accounting information, and to verify that all configuration management policies are being followed?

Question69: A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company.
Which of the following Internet laws has the credit card issuing company violated?

Question70: Against which of the following does SSH provide protection?
Each correct answer represents a complete solution. Choose two.

Question71: DRAG DROP
Drag and drop the appropriate team names in front of their respective responsibilities.
Select and Place:

Question72: Which of the following stages of the business continuity planning life cycle focuses on the execution and testing of the individual solution designs developed?

Question73: Which of the following procedures is designed to contain data, hardware, and software that can be critical for a business?

Question74: Availability Management deals with the day-to-day availability of services. Which of the following takes over when a 'disaster' situation occurs?

Question75: You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed?

Question76: Which of the following plans provides procedures for recovering business operations immediately following a disaster?

Question77: Which of the following functions is performed by change control?

Question78: Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Question79: Which of the following refers to the ability to ensure that the data is not modified or tampered with?

Question80: You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?

Question81: Which of the following levels of RAID provides security features that are availability, enhanced performance, and fault tolerance?

Question82: DRAG DROP
Choose the steps involved in the general disaster recovery procedure.
Select and Place:

Question83: Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?

Question84: You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

Question85: You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Question86: You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?

Question87: Which of the following measurements of a disaster recovery plan are aimed at avoiding an event from occurring?

Question88: Which of the following concepts represent the three fundamental principles of information security?
Each correct answer represents a complete solution. Choose three.

Question89: Which of the following processes is required for effective business continuity and disaster-recovery planning?

Question90: Which of the following control measures are considered while creating a disaster recovery plan?
Each correct answer represents a part of the solution. Choose three.

Question91: Which of the following scripts is included as a part of disaster recovery plan to confirm that everything is working as intended?

Question92: IT Service Continuity Management (ITSCM) is used to support the overall Business Continuity Management (BCM) in order to ensure that the required IT infrastructure and the IT service provision are recovered within an agreed business time scales. Which of the following are the benefits of implementing IT Service Continuity Management?
Each correct answer represents a complete solution. Choose all that apply.

Question93: Which of the following actions can be performed by using the principle of separation of duties?

Question94: ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains?
Each correct answer represents a complete solution. Choose all that apply.

Question95: Which of the following BCP teams handles financial arrangement, public relations, and media inquiries at the time of disaster recovery?

Question96: Which of the following documents is necessary to continue the business in the event of disaster or emergency?

Question97: Which of the following authorizes and documents all the changes in the IT Infrastructure and its components (Configuration Items) in order to maintain a minimum amount of interruptive effects upon the running operation?

Question98: Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

Question99: Which of the following contract types is described in the statement below?
"The seller is reimbursed for all allowable costs for performing the contract work, and receives a fixed payment calculated as a percentage for the initial estimated project costs."

Question100: Which methodology is a method to analyze the involved tasks in completing a given project, especially the time needed to complete each task, and identifying the minimum time needed to complete the total project?

Question101: Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.

Question102: Which of the following documents helps disaster recovery team members in getting the alternate sites up and running?

Question103: Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

Question104: Which of the following best describes the identification, analysis, and ranking of risks?

Question105: SIMULATION
Fill in the blank with the appropriate phrase.
____________ privilege escalation is the process of attempting to access sources with a higher access, such as a user account trying to access admin privileges.

Question106: Which of the following statements are true about classless routing protocols?
Each correct answer represents a complete solution. Choose two.

Question107: Which of the following sources is the best for developing Recovery Time Objectives (RTO)?

Question108: Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

Question109: Which of the following cryptographic system services proves a user's identity?