EMT Practice Test

1. Question Content...


Question List

Question1: Which of the options below will do the most to reduce an organization's attack surface on the internet?

Question2: What is an organization's goal in deploying a policy to encrypt all mobile devices?

Question3: Beta corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed. Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next steps?

Question4: Which CIS Control includes storing system images on a hardened server, scanning production systems for out-of-date software, and using file integrity assessment tools like tripwire?

Question5: To effectively implement the Data Protection CIS Control, which task needs to be implemented first?

Question6: During a security audit which test should result in a source packet failing to reach its intended destination?

Question7: What is the list displaying?

Question8: Which of the following best describes the CIS Controls?

Question9: An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control. Which action should they take when they discover that an application running on a web server is no longer needed?

Question10: Which of the following will decrease the likelihood of eavesdropping on a wireless network?

Question11: Which approach is recommended by the CIS Controls for performing penetration tests?

Question12: How often should the security awareness program be communicated to employees?

Question13: Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

Question14: Which of the following actions produced the output seen below?

Question15: What documentation should be gathered and reviewed for evaluating an Incident Response program?

Question16: An analyst investigated unused organizational accounts. The investigation found that:
-10% of accounts still have their initial login password, indicating they were never used
-10% of accounts have not been used in over six months
Which change in policy would mitigate the security risk associated with both findings?

Question17: An organization has implemented a control for Controlled Use of Administrative Privilege. The control requires users to enter a password from their own user account before being allowed elevated privileges, and that no client applications (e.g. web browsers, e-mail clients) can be run with elevated privileges. Which of the following actions will validate this control is implemented properly?

Question18: What is a recommended defense for the CIS Control for Application Software Security?

Question19: Implementing which of the following will decrease spoofed e-mail messages?

Question20: How does an organization's hardware inventory support the control for secure configurations?

Question21: Which of the following is a responsibility of a change management board?

Question22: An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?

Question23: An organization has implemented a control for penetration testing and red team exercises conducted on their network. They have compiled metrics showing the success of the penetration testing (Penetration Tests), as well as the number of actual adversary attacks they have sustained (External Attacks). Assess the metrics below and determine the appropriate interpretation with respect to this control.

Question24: A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator's account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?

Question25: Which of the following archiving methods would maximize log integrity?

Question26: What is a zero-day attack?

Question27: Which projects enumerates or maps security issues to CVE?

Question28: Below is a screenshot from a deployed next-generation firewall. These configuration settings would be a defensive measure for which CIS Control?

Question29: Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

Question30: John a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized student devices connecting to the network. Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?

Question31: Which of the following baselines is considered necessary to implement the Boundary Defense CIS Control?

Question32: An organization has implemented a control for Controlled Use of Administrative Privileges. They are collecting audit data for each login, logout, and location for the root account of their MySQL server, but they are unable to attribute each of these logins to a specific user. What action can they take to rectify this?

Question33: An administrator looking at a web application's log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.
* ROOT
* TEST
* ADMIN
* SQL
* USER
* NAGIOSGUEST
What is the most likely source of this event?