EMT Practice Test

1. Question Content...


Question List

Question1: A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

Question2: Which of the following measurements of a disaster recovery plan are aimed at avoiding an event from occurring?

Question3: Which of the following BCP teams deals with the key decision making and guides recovery teams and business personnel?

Question4: Which of the following documents is necessary to continue the business in the event of disaster or emergency?

Question5: Which of the following are some of the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

Question6: Organizations must assess the safety of their workplaces and consider the ability of a business to continue despite risk impact. When assessing business continuity risks, the HR Professional must consider several different types of disasters, their probability, and impact on an organization.
What category of disaster is best described as acts of terrorism, major thefts, sabotage, or labor disputes?

Question7: Which of the following TCB techniques involves viewing system components at a high level and ignoring or segregating its specific details?

Question8: Which of the following roles is responsible for the review and risk analysis of all the contracts on regular basis?

Question9: Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.

Question10: Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Question11: An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Question12: Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?

Question13: Which of the following types of attacks occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts?

Question14: Fill the measurement of SFX form factor style power supply in the blank space.
The SFX form factor style power supply is ___________mm wide, mm deep, and mm in height.

Question15: Which of the following acts affects all public companies subject to US security laws?

Question16: Which of the following tests activates the total disaster recovery plan?

Question17: Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Question18: Which of the following processes identifies the threats that can impact the business continuity of operations?

Question19: You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Question20: In which of the following prototyping, a version of the system is built to check the requirements and is then discarded?

Question21: Which of the following BCP teams assesses the damage of the disaster in order to provide the estimate of the time required to recover?

Question22: Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system.
Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?

Question23: Which of the following statements are true about classless routing protocols?
Each correct answer represents a complete solution. Choose two.

Question24: Which of the following plans provides procedures for disseminating status reports to personnel and the public?

Question25: Fill in the blank with the appropriate number:
RAID-________ is a combination of RAID-1 and RAID-0.

Question26: Which of the following types of controls focuses on stopping a security breach from taking place in the ?rst place?

Question27: Which of the following measurements of a disaster recovery plan are aimed at detecting unwanted events?

Question28: Fill in the blank:
A ___________plan is a plan devised for a specific situation when things could go wrong.

Question29: Which of the following should the administrator ensure during the test of a disaster recovery plan?

Question30: Drag and Drop Question
Drag and drop the appropriate team names in front of their respective responsibilities.

Question31: Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data?

Question32: Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

Question33: Which of the following parts of BS 7799 covers risk analysis and management?

Question34: A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

Question35: In risk analysis, which of the following can be identified as a consequence of a disaster?

Question36: Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.

Question37: You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability?
Each correct answer represents a part of the solution. Choose three.

Question38: Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic.
The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?

Question39: Which of the following parts of BS 7799 covers risk analysis and management?

Question40: Fill in the blank:
An ___________________ (AS) is a group of networks under a single administration and with single routing policies.

Question41: Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen months and six months already passed. Management asks Mark that how often the project team is participating in the risk reassessment of this project. What should Mark tell management if he is following the best practices for risk management?

Question42: Which of the following DRP tests is plan distributed, and reviewed by the business units for its thoroughness and effectiveness?

Question43: A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

Question44: Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data?

Question45: Which of the following steps has the goal to reduce the level of risk to the IT system and its data to an acceptable level?

Question46: Which of the following global (Tier 1) policies de?nes what speci?cally the policy is going to address?

Question47: Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts?

Question48: Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan?

Question49: You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

Question50: Which of the following processes involves reducing the risk until it reaches a level acceptable to an organization?

Question51: Which of the following roles is responsible for the review and risk analysis of all the contracts on regular basis?

Question52: You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Question53: Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.

Question54: Which of the following techniques is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients?

Question55: Which of the following classification schemes is considered to be of a personal nature and is intended for company use only?

Question56: Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate?

Question57: Which of the following cryptographic system services assures the receiver that the received message has not been altered?

Question58: Which of the following statements are true about classless routing protocols?
Each correct answer represents a complete solution. Choose two.

Question59: Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

Question60: Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network?

Question61: Which of the following values specifies the acceptable latency of data that will be recovered?

Question62: Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?

Question63: Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?

Question64: Which of the following Tier 1 policies will identify who is responsible for what?

Question65: Which of the following processes helps the business units to understand the impact of a disruptive event?

Question66: Which of the following best describes the identification, analysis, and ranking of risks?

Question67: A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

Question68: Which of the following processes is NOT included in the risk mitigation?

Question69: Which of the following statements are true about security risks?
Each correct answer represents a complete solution. Choose three.

Question70: Which of the following types of controls focuses on stopping a security breach from taking place in the ?rst place?

Question71: Which of the following subphases are defined in the maintenance phase of the life cycle models?
Each correct answer represents a part of the solution. Choose all that apply.

Question72: Which of the following TCB techniques involves viewing system components at a high level and ignoring or segregating its specific details?

Question73: You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Question74: Who among the following has the ultimate responsibility for the protection of the organization's information?

Question75: You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?

Question76: Availability Management deals with the day-to-day availability of services. Which of the following takes over when a 'disaster' situation occurs?

Question77: In which of the following DRP tests does a business unit management meet to review the plan?

Question78: Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.

Question79: Which of the following statements is related to residual risks?

Question80: Which of the following phases involves getting the final senior management signoff and creating enterprise-wide awareness of the plan?

Question81: Which of the following workforces works to handle the incidents in an enterprise?

Question82: You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Question83: Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

Question84: You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Question85: Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system?

Question86: Which of the following scripts is included as a part of disaster recovery plan to confirm that everything is working as intended?

Question87: Fill in the blank with the appropriate number:
RAID-________ is a combination of RAID-1 and RAID-0.

Question88: Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data?

Question89: Which of the following options is an intellectual property right to protect inventions?

Question90: Which of the following security procedures is related to the SDLC's implementation?

Question91: Which of the following maturity levels of the software CMM focuses on competent people and heroics?

Question92: You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?

Question93: Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?

Question94: Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?

Question95: Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan?

Question96: Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?

Question97: You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?

Question98: Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives?
System and data are validated.
System meets all user requirements.
System meets all control requirements.

Question99: Which of the following sites is a non-mainstream alternative to a traditional recovery site?

Question100: Which of the following terms describes the annually expected financial loss to an organization from a threat?

Question101: Which of the following statements is related to residual risks?

Question102: Which of the following procedures is designed to contain data, hardware, and software that can be critical for a business?

Question103: John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

Question104: Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data?

Question105: Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system?

Question106: Which of the following is the simulation of the disaster recovery plans?

Question107: Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Question108: Fill in the blank with the appropriate phrase.
____________ privilege escalation is the process of attempting to access sources with a higher access, such as a user account trying to access admin privileges.

Question109: Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Question110: Which of the following control measures are considered while creating a disaster recovery plan?
Each correct answer represents a part of the solution. Choose three.

Question111: Which of the following are some of the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

Question112: Which of the following tools in Helix Windows Live is used to reveal the database password of password protected MDB files created using Microsoft Access or with Jet Database Engine?

Question113: Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?
Each correct answer represents a part of the solution. Choose all that apply.

Question114: The Incident handling process implemented in an enterprise is responsible to deal with all the incidents regarding the enterprise. Which of the following procedures will be involved by the preparation phase of the Incident handling process?

Question115: You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Question116: Which of the following Tier 1 policies will identify who is responsible for what?

Question117: Which of the following is a compromise between hot and cold sites?

Question118: Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data?

Question119: You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number of invalid logon attempts allowed before a user account is locked out. What will you do to accomplish the task?

Question120: Which of the following cryptographic system services assures the receiver that the received message has not been altered?

Question121: Which of the following statements about disaster recovery plan documentation are true? Each correct answer represents a complete solution. Choose all that apply.

Question122: Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

Question123: Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.

Question124: Fill the appropriate power supply form factor in the blank space.
_________form factor is similar to LPX form factor in physical dimensions.

Question125: Which of the following modes of operation supports users with different clearances and data at various classification levels?

Question126: Which of the following systems helps to detect the "abuse of privileges" attack that does not actually involve exploiting any security vulnerability?

Question127: Fill in the blank with the appropriate phrase.
__________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources.

Question128: Which of the following tasks is prioritized the most by the information security strategy?

Question129: BS 7799 is an internationally recognized ISM standard that provides high level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799?
Each correct answer represents a complete solution. Choose all that apply.

Question130: Which of the following processes hides one set of IP addresses used for internal traffic only while exposing a second set of addresses to external traffic?

Question131: Which of the following are some of the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.

Question132: You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

Question133: Which of the following cryptographic system services proves a user's identity?

Question134: Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

Question135: Which of the following governance bodies provides management, operational, and technical controls to satisfy the security requirements?

Question136: Which of the following actions can be performed by using the principle of separation of duties?

Question137: Which of the following are common applications that help in replicating and protecting critical information at the time of disaster?
Each correct answer represents a complete solution. Choose all that apply.

Question138: Which of the following statements about a certification authority (CA) is true?

Question139: Which of the following processes measures the maturity level of the security program?

Question140: Which of the following SSE-CMM security engineering Process Areas (PA) specifies the security needs?

Question141: Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry?

Question142: Which of the following backup sites is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data?

Question143: Which of the following activities includes initiation, development and acquisition, implementation and installation, operational maintenance, and disposal?

Question144: Which of the following maturity levels of the software CMM focuses on competent people and heroics?

Question145: Which of the following backup sites takes the longest recovery time?

Question146: Which of the following system security policies is used to address specific issues of concern to the organization?

Question147: ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO
17799. What are the ISO 17799 domains?
Each correct answer represents a complete solution. Choose all that apply.

Question148: Which of the following types of control gives an instance of the audit log?

Question149: Fill in the blank with the appropriate number:
RAID-______is a combination of RAID-1 and RAID-0.