EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following protocols is used to retrieve e-mails from a remote mail server?

Question2: Which of the following heights of fence deters only casual trespassers?

Question3: You are examining a packet capture session in Wire shark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?

Question4: Two clients connecting from the same public IP address (for example - behind the same NAT firewall) can connect simultaneously to the same web server on the Internet, provided what condition is TRUE?

Question5: There are three key factors in selecting a biometric mechanism. What are they?

Question6: What is the process of simultaneously installing an operating system and a Service Pack called?

Question7: Which command would allow an administrator to determine if a RPM package was already installed?

Question8: You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering? Each correct answer represents a complete solution. Choose two.

Question9: Which of the following statements about buffer overflow is true?

Question10: Which of the following hardware devices prevents broadcasts from crossing over subnets?

Question11: Which of the following ports is used by the Secure File Transfer Protocol (SFTP)?

Question12: Which of the following prevents malicious programs from attacking a system?

Question13: Which of the following SIP INVITE lines indicates to the remote registrar the VoIP phone that initiated the call?

Question14: You have been hired by the company to upgrade its existing Windows NT 4.0 network to a Windows 2000 based network. In the past, the company's support group has faced difficult time because users changed the configuration of their workstations. Which of the following features of the Active Directory would best justify the move to the Windows 2000 network.?

Question15: Which class of IDS events occur when the IDS fails to alert on malicious data?

Question16: Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Question17: What is the key difference between Electronic Codebook mode and other block cipher modes like Cipher Block Chaining, Cipher-Feedback and Output-Feedback?

Question18: What database can provide contact information for Internet domains?

Question19: Which of the following areas of a network contains DNS servers and Web servers for Internet users?

Question20: What is the term for a game in which for every win there must be an equivalent loss?

Question21: You work as a system administrator for Tech Perfect Inc. The company has a Linux-based network. You are a root user on the Linux operating system. A user, Jetson, wants to view the speed and the duplex for his Ethernet card. His ethernet card is activated on interface eth0. Which of the following commands can you use to accomplish this task?

Question22: A new data center is being built where customer credit information will be processed and stored. Which of the following actions will help maintain the confidentiality of the data?

Question23: What type of attack can be performed against a wireless network using the tool Kismet?

Question24: Which layer of the TCP/IP Protocol Stack Is responsible for port numbers?

Question25: Which of the following statements regarding the Secure Sockets Layer (SSL) security model are true?
Each correct answer represents a complete solution. Choose two.

Question26: Which of the following is referred to as Electromagnetic Interference (EMI)?

Question27: You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

Question28: Which of the following items are examples of preventive physical controls? Each correct answer represents a complete solution. Choose three.

Question29: Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain- based network. The network contains ten Windows 2003 member servers, 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server.
Which of the following tasks will he accomplish?

Question30: Which of the following files contains the shadowed password entries in Linux?

Question31: Which of the following is a characteristic of hash operations?

Question32: Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private.

Question33: You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. Rick, a Sales Manager, is running some unnecessary processes on a Linux server. You want to list down all processes that are being run by Rick. Which of the following commands will you use to accomplish the task?

Question34: Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Question35: What would the file permission example "rwsr-sr-x" translate to in absolute mode?

Question36: What database can provide contact information for Internet domains?

Question37: You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer.
The company asks you to implement a RAID system to provide fault tolerance to a database. You want to
implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Question38: In preparation to do a vulnerability scan against your company's systems. You've taken the steps below:
You've notified users that there will be a system test.
You've priontized and selected your targets and subnets.
You've configured the system to do a deep scan.
You have a member of your team on call to answer questions.
Which of the following is a necessary step to take prior to starting the scan?

Question39: Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Question40: Which of the following Ethernet specifications can transmit data up to a distance of 500 meters?

Question41: Which of the following terms refers to the method that allows or restricts specific types of packets from crossing over the firewall?

Question42: Which of the following protocols are used to provide secure communication between a client and a server
over the Internet?
Each correct answer represents a part of the solution. Choose two.

Question43: Which of the following are the types of routing protocols?
Each correct answer represents a complete solution. Choose two.

Question44: What is the unnoticed theft of sensitive data from a laptop owned by an organization's CEO an example of in information warfare?

Question45: Which of the following is a benefit to utilizing Cygwin for Windows?

Question46: You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for
your company.
You have physically installed sensors at all key positions throughout the network such that they all report
to the command console.
What will be the key functions of the sensors in such a physical layout?
Each correct answer represents a complete solution. Choose all that apply.

Question47: Which of the following features of Windows 7 allows an administrator to both passively review installed software and configure policies to prevent out-of-date or insecure software from running?

Question48: Analyze the screenshot below. What is the purpose of this message?

Question49: Several files servers are configured in an iSCSI storage area network (SAN). The servers have been configured to use RADIUS and IPSec with the Microsoft iSCSI Initiator properties page. However, clients are unable to connect to any of the servers in the iSCSI SAN. What's the likely reason?

Question50: At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?

Question51: Which of the following tools is used to query the DNS servers to get detailed information about IP addresses, MX records, and NS servers?

Question52: You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?

Question53: Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Question54: Which of the following statements best explains how encryption works on the Internet?

Question55: Which of the following protocols is used to establish a secure TELNET session over TCP/IP?

Question56: Which of the following BEST describes the two job functions of Microsoft Baseline Security Analyzer (MBSA)?

Question57: What is the maximum number of connections a normal Bluetooth device can handle at one time?

Question58: Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?

Question59: You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You are optimizing performance and security on your Web server. You want to know the ports that are listening to FTP. Which of the following commands will you use?

Question60: Which of the following terms is synonymous with the willful destruction of another person's property?

Question61: What protocol is a WAN technology?

Question62: You are going to upgrade your hard disk's file system from FAT to NTFS. What are the major advantages of the NTFS file system over FAT16 and FAT32 file systems?
Each correct answer represents a complete solution. Choose all that apply.

Question63: Which of the following is a signature-based intrusion detection system (IDS) ?

Question64: Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Question65: Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed?

Question66: You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The company has recently provided laptops to its sales team members. You have configured access points in the network to enable a wireless network. The company's security policy states that all users using laptops must use smart cards for authentication. Select and place the authentication method you are required to configure to implement the security policy of the company.

Question67: You are an Intrusion Detection Analyst and the system has alerted you to an Event of Interest (EOI) that appears to be activity generated by a worm. You investigate and find that the network traffic was normal. How would this type of alert be categorized?

Question68: Where could you go in Windows XP/2003 to configure Automatic Updates?

Question69: How many bytes does it take to represent the hexadecimal value OxFEDCBA?

Question70: It is possible to sniff traffic from other hosts on a switched Ethernet network by impersonating which type of network device?

Question71: Which Linux file lists every process that starts at boot time?

Question72: An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts. No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Question73: You work as a Network Administrator for NetTech Inc. When you enter
http://66.111.64.227
in the browser's address bar, you are able to access the site. But, you are unable to access the site when you enter
http://www.uCertify.com. What is the most likely cause?

Question74: If Linux server software is a requirement in your production environment which of the following should you NOT utilize?

Question75: When are Group Policy Objects (GPOs) NOT applied automatically to workstations?

Question76: The TTL can be found in which protocol header?

Question77: You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

Question78: What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?

Question79: Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Question80: Which of the following commands is used to switch from one user login to another in a Linux computer?

Question81: During a scheduled evacuation training session the following events took place in this order:
1. Evacuation process began by triggering the building fire alarm.
2a. The meeting point leader arrived first at the designated meeting point and immediately began making note of who was and was not accounted for.
2b. Stairwell and door monitors made it to their designated position to leave behind a box of flashlights and prop the stairway doors open with a garbage can so employees can find exits and dispose of food and beverages.
2c. Special needs assistants performed their assigned responsibility to help employees out that require special assistance.
3. The safety warden communicated with the meeting point leader via walkie talkie to collect a list of missing personnel and communicated this information back to the searchers.
4. Searchers began checking each room and placing stick-it notes on the bottom of searched doors to designate which areas were cleared.
5. All special need assistants and their designated wards exited the building.
6. Searchers complete their assigned search pattern and exit with the Stairwell/door monitors.
Given this sequence of events, which role is in violation of its expected evacuation tasks?

Question82: When Net Stumbler is initially launched, it sends wireless frames to which of the following addresses?

Question83: Which of the following would be a valid reason to use a Windows workgroup?

Question84: Against which of the following does SSH provide protection?
Each correct answer represents a complete solution. Choose two.

Question85: Which of the following TCP packet flags indicates that host should IMMEDIATELY terminate the connection containing the packet?

Question86: Which of the following is an Institute of Electrical and Electronics Engineering (IEEE) specification that defines standards for Ethernet?

Question87: Which of the following books deals with confidentiality?

Question88: Which Host-based IDS (HIDS) method of log monitoring utilizes a list of keywords or phrases that define the events of interest for the analyst, then takes a list of keywords to watch for and generates alerts when it sees matches in log file activity?

Question89: Which of the following protocols multicasts messages and information among all member devices in an IP multicast group?

Question90: Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain- based network. The network contains ten Windows 2003 member servers, 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server.
Which of the following tasks will he accomplish?

Question91: Which of the following is the default subnet mask for the Class C IP address network?

Question92: Which of the following heights of fence deters only casual trespassers?

Question93: Which of the following SHELL commands displays currently logged-in users and their tasks?

Question94: Which of the following books of the Rainbow Series contains the DOD Password Management Guidelines?

Question95: You work as a Network Administrator for McNeil Inc. You are installing an application. You want to view the log file whenever a new entry is added to the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Question96: Which of the following statements about the authentication concept of information security management is true?

Question97: If the NET_ID of the source and destination address in an IP (Internet Protocol) packet match, which answer BEST describes the routing method the sending host will use?

Question98: Which of the following monitors program activities and modifies malicious activities on a system?

Question99: John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is currently working on his C based new traceroute program. Since, many processes are running together on the system, he wants to give the highest priority to the cc command process so that he can test his program, remove bugs, and submit it to the office in time. Which of the following commands will John use to give the highest priority to the cc command process?

Question100: Which of the following number ranges is used for the IPX Standard ACL?

Question101: Which of the following would be a valid reason to use a Windows workgroup?

Question102: John works as a professional Ethical Hacker. He has been assigned a project to test the security of
www.we-are-secure.com
. While examining a log report, he finds that an intrusion has been attempted by an attacker whose IP address is 0x40.0x3 A.0x2B.0xE6. Which of the following decimal IP addresses will respond to the ping on the above Hexadecimal IP address?

Question103: When trace route fails to get a timely response for a packet after three tries, which action will it take?

Question104: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?
Each correct answer represents a complete solution. Choose two.

Question105: When discussing access controls, which of the following terms describes the process of determining the activities or functions that an Individual is permitted to perform?

Question106: What file instructs programs like Web spiders NOT to search certain areas of a site?

Question107: You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?

Question108: Which of the following protocols work at the Session layer of the OSI model? Each correct answer represents a complete solution. Choose all that apply.

Question109: How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?

Question110: Which of the following types of fire comes under Class K fire?

Question111: An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?

Question112: Which of the following classes of fire comes under Class C fire?

Question113: While building multiple virtual machines on a single host operating system, you have determined that each virtual machine needs to work on the network as a separate entity with its own unique IP address on the same logical subnet. You also need to limit each guest operating system to how much system resources it has access to. Which of the following correctly identifies steps that must be taken towards setting up these virtual environments?

Question114: What technical control provides the most critical layer of defense if an intruder is able to bypass all physical security controls and obtain tapes containing critical data?

Question115: Which port category does the port 110 fall into?

Question116: Which of the following files is used to control the behavior of the SSH server?

Question117: Which of the following uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients?

Question118: You are going to upgrade your hard disk's file system from FAT to NTFS. What are the major advantages of the NTFS file system over FAT16 and FAT32 file systems?
Each correct answer represents a complete solution. Choose all that apply.

Question119: The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

Question120: Which of the following tools is used to query the DNS servers to get detailed information about IP addresses, MX records, and NS servers?

Question121: Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Question122: Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain- based network. The network contains ten Windows 2003 member servers, 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server. Which of the following tasks will he accomplish?

Question123: Which of the following statements regarding Secure Sockets Layer (SSL) are true? Each correct answer represents a complete solution. Choose all that apply.

Question124: Which of the following is an advantage of an Intrusion Detection System?

Question125: At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?

Question126: You have reason to believe someone with a domain user account has been accessing and modifying sensitive spreadsheets on one of your application servers. You decide to enable auditing for the files to see who is accessing and changing them. You enable the Audit Object Access policy on the files via Group Policy. Two weeks later, when you check on the audit logs, you see they are empty. What is the most likely reason this has happened?

Question127: You work as a Network Administrator for McRoberts Inc. The company has a Linux-based network. You
have created a script named lf.cgi. You want to provide the following permissions on it:
rwsr-sr--Which of the following commands will you execute?

Question128: Which of the below choices should an organization start with when implementing an effective risk management process?

Question129: When should you create the initial database for a Linux file integrity checker?

Question130: Which of the following quantifies the effects of a potential disaster over a period of time?

Question131: Which of the following are advantages of NTFS file system over FAT32 and FAT? Each correct answer represents a part of the solution. Choose two.

Question132: What is the maximum cable segment length supported by a 10BaseT network?

Question133: Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Question134: Included below is the output from a resource kit utility run against local host.

Which command could have produced this output?

Question135: An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts.
No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Question136: Which of the following statements about Dynamic Host Configuration Protocol (DHCP) are true? Each correct answer represents a complete solution. Choose two.

Question137: Which of the following is TRUE regarding the ability of attackers to eavesdrop on wireless communications?