EMT Practice Test

1. Question Content...


Question List

Question1: What would the following IP tables command do?
IP tables -I INPUT -s 99.23.45.1/32 -j DROP

Question2: Which of the following items are examples of preventive physical controls? Each correct answer represents a complete solution. Choose three.

Question3: Which of the following should be implemented to protect an organization from spam?

Question4: Where could you go in Windows XP/2003 to configure Automatic Updates?

Question5: A security analyst has entered the following rule to detect malicious web traffic:
alert tcp any -> 192.168.1.0/24 SO (msg: Attempted SQL Injection!"; sld:20000O01;) How can this rule be changed to reduce false positives?

Question6: The Windows 'tracert' begins by sending what type of packet to the destination host?

Question7: Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Question8: What type of attack can be performed against a wireless network using the tool Kismet?

Question9: During a scheduled evacuation training session the following events took place in this order:
1. Evacuation process began by triggering the building fire alarm.
2
a. The meeting point leader arrived first at the designated meeting point and immediately began making note of who was and was not accounted for.
2b. Stairwell and door monitors made it to their designated position to leave behind a box of flashlights and prop the stairway doors open with a garbage can so employees can find exits and dispose of food and beverages.
2c. Special needs assistants performed their assigned responsibility to help employees out that require special assistance.
3. The safety warden communicated with the meeting point leader via walkie talkie to collect a list of missing personnel and communicated this information back to the searchers.
4. Searchers began checking each room and placing stick-it notes on the bottom of searched doors to designate which areas were cleared.
5. All special need assistants and their designated wards exited the building.
6. Searchers complete their assigned search pattern and exit with the Stairwell/door monitors.
Given this sequence of events, which role is in violation of its expected evacuation tasks?

Question10: In PKI, when someone wants to verify that the certificate is valid, what do they use to decrypt the signature?

Question11: Which of the following radio frequencies is used by the IEEE 802.11a wireless network?

Question12: Which of the following protocols is used to send e-mails on the Internet?

Question13: Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called what?

Question14: Which of the following Linux commands can change both the username and group name a file belongs to?

Question15: What is the purpose of notifying stakeholders prior to a scheduled vulnerability scan?

Question16: What is log, pre-processing?

Question17: Which of the following resources is a knowledge base of real-world observed adversary tactics and techniques?

Question18: Your software developer comes to you with an application that controls a user device. The application monitors its own behavior and that of the device and creates log files. The log files are expected to grow steadily and rapidly. Your developer currently has the log files stored in the /bin folder with the application binary. Where would you suggest that the developer store the log files?

Question19: Which of the following access control principles helps prevent collusion and detect abuse of access?

Question20: Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Question21: What is the term for a game in which for every win there must be an equivalent loss?

Question22: Which of the following is a Layer 3 device that will typically drop directed broadcast traffic?

Question23: You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use?

Question24: Which Windows event log would you look in if you wanted information about whether or not a specific diver was running at start up?

Question25: You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You are optimizing performance and security on your Web server. You want to know the ports that are listening to FTP. Which of the following commands will you use?

Question26: Why would someone use port 80 for deployment of unauthorized services?

Question27: Which of the following protocols implements VPN using IPSec?

Question28: Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?

Question29: What dots Office 365 use natively for authentication?

Question30: Which port category does the port 110 fall into?

Question31: Which of the following statements about the integrity concept of information security management are true?
Each correct answer represents a complete solution. Choose three.

Question32: You are examining a packet capture session in Wire shark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?

Question33: The process of enumerating all hosts on a network defines which of the following activities?

Question34: Which of the following protocols provides maintenance and error reporting function?

Question35: While building multiple virtual machines on a single host operating system, you have determined that each virtual machine needs to work on the network as a separate entity with its own unique IP address on the same logical subnet. You also need to limit each guest operating system to how much system resources it has access to. Which of the following correctly identifies steps that must be taken towards setting up these virtual environments?

Question36: Based on the iptables output below, which type of endpoint security protection has host 192.168.1.17 implemented for incoming traffic on TCP port 22 (SSH) and TCP port 23 (telnet)?

Question37: You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. You are configuring an application server. An application named Report, which is owned by the root user, is placed on the server. This application requires superuser permission to write to other files. All sales managers of the company will be using the application. Which of the following steps will you take in order to enable the sales managers to run and use the Report application?

Question38: Users at the Marketing department are receiving their new Windows XP Professional workstations. They will need to maintain local work files in the first logical volume, and will use a second volume for the information shared between the area group. Which is the best file system design for these workstations?

Question39: Training an organization on possible phishing attacks would be included under which NIST Framework Core guidelines?

Question40: A new data center is being built where customer credit information will be processed and stored. Which of the following actions will help maintain the confidentiality of the data?

Question41: What is the discipline of establishing a known baseline and managing that condition known as?

Question42: Which of the following monitors program activities and modifies malicious activities on a system?

Question43: Which of the following statements about the authentication concept of information security management is true?

Question44: On which of the following OSI model layers does IPSec operate?

Question45: Which of the following statements about IPSec are true?
Each correct answer represents a complete solution. Choose two.

Question46: Which of the following services resolves host name to IP Address?

Question47: What Amazon Web Services (AWS) term describes a grouping of at least one datacenter with redundant power, high speed connections to other data centres and the Internet?

Question48: Fill in the blank with the correct answer to complete the statement below.
The permission is the minimum required permission that is necessary for a user to enter a directory and list its contents.

Question49: What requirement must an administrator remember when utilizing Security Configuration and Analysis (SCA) to apply security templates to Windows systems?

Question50: How can an adversary utilize a stolen database of unsalted password hashes?

Question51: Which of the following correctly describes a stateless packet filter?

Question52: Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?

Question53: Analyze the screenshot below. In what order should the vulnerabilities be remediated?

Question54: What does Authentication Header (AH) add to the packet in order to prevent an attacker from lying about the source?

Question55: SSL session keys are available in which of the following lengths?

Question56: Which of the following consists of the security identifier number (SID) of your user account, the SID of all of your groups and a list of all your user rights?

Question57: On an NTFS file system, what will happen when a conflict exists between Allow and Deny permissions?

Question58: What type of formal document would include the following statement?
Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal application of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies, and if there is any uncertainty, employees should consult their supervisor or manager.

Question59: A database is accessed through an application that users must authenticate with, on a host that only accepts connections from a subnet where the business unit that uses the data is located. What defense strategy is this?

Question60: At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?

Question61: Analyze the screenshot below. What is the purpose of this message?

Question62: Which of the following is a backup strategy?

Question63: You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company's business systems?

Question64: Which aspect of UNIX systems was process accounting originally developed for?

Question65: What is the purpose of a TTL value?

Question66: Which of the following is referred to as Electromagnetic Interference (EMI)?

Question67: What is the most secure way to address an unused Windows service so it cannot be exploited by malware?

Question68: What is the first thing that should be done during the containment step of incident handling?

Question69: Which of the following processes Is used to prove a user Is who they claim to be based upon something they know, have, are, and/or their physical location?

Question70: Where are user accounts and passwords stored in a decentralized privilege management environment?

Question71: Which of the following is a term that refers to unsolicited e-mails sent to a large number of e-mail users?

Question72: What is the function of the TTL (Time to Live) field in IPv4 and the Hop Limit field in IPv6 In an IP Packet header?

Question73: Why are false positives such a problem with IPS technology?

Question74: Which of the following proxy servers provides administrative controls over the content?

Question75: A Host-based Intrusion Prevention System (HIPS) software vendor records how the Firefox Web browser interacts with the operating system and other applications, and identifies all areas of Firefox functionality. After collecting all the data about how Firefox should work, a database is created with this information, and it is fed into the HIPS software. The HIPS then monitors Firefox whenever it's in use. What feature of HIPS is being described in this scenario?

Question76: Which AWS service integrates with the Amazon API Gateway to provision and renew TLS encryption needs for data in transit?

Question77: You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. You have created a folder named Report. You have made David the owner of the folder. The members of a group named JAdmin can access the folder and have Read, Write, and Execute permissions. No other user can access the folder. You want to ensure that the members of the JAdmin group do not have Write permission on the folder. Also, you want other users to have Read permission on the Report folder.
Which of the following commands will you use to accomplish the task?

Question78: What does an attacker need to consider when attempting an IP spoofing attack that relies on guessing Initial Sequence Numbers (ISNs)?

Question79: What is the motivation behind SYN/FIN scanning?

Question80: What technique makes it difficult for attackers to predict the memory address space location for code execution?

Question81: When a host on a remote network performs a DNS lookup of www.google.com, which of the following is likely to provide an Authoritative reply?

Question82: Which of the following attack vectors are addressed by Xinetd and TCP Wrappers?
A, Outsider attack from network
B, Outsider attack from a telephone
C, Insider attack from local network
D, Attack from previously installed malicious code

Question83: An attacker gained physical access to an internal computer to access company proprietary dat a. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts. No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Question84: Which of the following would be a valid reason to use a Windows workgroup?

Question85: The Return on Investment (ROI) measurement used in Information Technology and Information Security fields is typically calculated with which formula?

Question86: When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?

Question87: Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?

Question88: Which Authenticates Assurance Level requires a hardware-based authenticates?

Question89: In order to capture traffic for analysis, Network Intrusion Detection Systems (NIDS) operate with network cards in what mode?

Question90: You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

Question91: Which of the following is the reason of using Faraday cage?

Question92: Which of the following processes is known as sanitization?

Question93: You work as a Network Administrator for Net World Inc. The company has a Linux-based network. For testing purposes, you have configured a default IP-table with several filtering rules. You want to reconfigure the table. For this, you decide to remove the rules from all the chains in the table. Which of the following commands will you use?

Question94: What is the name of the Windows XP/2003 tool that you can use to schedule commands to be executed on remote systems during off-peak hours?

Question95: What improvement could a company that is rated at a NIST Implementation Tier of 2:
Risk Informed do to Increase their rating to a Tier 3: Repeatable?

Question96: Which services will have listening ports on a hardened Linux log server?

Question97: An attacker is able to trick an IDS into ignoring malicious traffic through obfuscation of the packet payload. What type of IDS error has occurred?

Question98: Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.

Question99: You work as an Administrator for McRoberts Inc. The company has a Linux-based network. You are logged in as a non-root user on your client computer. You want to delete all files from the /garbage directory. You want that the command you will use should prompt for the root user password. Which of the following commands will you use to accomplish the task?

Question100: Which of the following statements best describes where a border router is normally placed?

Question101: Which of the following SIP INVITE lines indicates to the remote registrar the VoIP phone that initiated the call?

Question102: What is the main problem with relying solely on firewalls to protect your company's sensitive data?

Question103: Which of the following activities would take place during the containment phase?

Question104: Which of the following statements about Secure Sockets Layer (SSL) are true? Each correct answer represents a complete solution. Choose two.

Question105: What is the command-line tool for Windows XP and later that allows administrators the ability to get or set configuration data for a very wide variety of computer and user account settings?

Question106: An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?

Question107: Which of the following is an Implementation of PKI?

Question108: What is a characteristic of iOS security?

Question109: What is a security feature available with Windows Vista and Windows 7 that was not present in previous Windows operating systems?

Question110: Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

Question111: Which command would allow an administrator to determine if a RPM package was already installed?

Question112: Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Question113: What is it called when an OSI layer adds a new header to a packet?

Question114: Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

Question115: The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

Question116: Where is the source address located in an IPv4 header?

Question117: Your customer wants to make sure that only computers he has authorized can get on his Wi-Fi. What is the most appropriate security measure you can recommend?

Question118: If Linux server software is a requirement in your production environment which of the following should you NOT utilize?

Question119: When trace route fails to get a timely response for a packet after three tries, which action will it take?

Question120: If a DNS client wants to look up the IP address for good.news.com and does not receive an authoritative reply from its local DNS server, which name server is most likely to provide an authoritative reply?

Question121: What Windows log should be checked to troubleshoot a Windows service that is falling to start?

Question122: Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

Question123: A folder D:\Files\Marketing has the following NTFS permissions:
* Administrators: Full Control
* Marketing: Change and Authenticated
* Users: Read
It has been shared on the server as "MARKETING", with the following share permissions:
* Full Control share permissions for the Marketing group
Which of the following effective permissions apply if a user from the Sales group accesses the \\FILESERVER\MARKETING shared folder?

Question124: Which of the following SIP methods is used to setup a new session and add a caller?

Question125: In an Active Directory domain, which is the preferred method of keeping host computers patched?

Question126: What is the fundamental problem with managing computers in stand-alone Windows workgroups?

Question127: You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are required to search for the error messages in the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Question128: Which of the following is a signature-based intrusion detection system (IDS) ?

Question129: Which of the following is Azure's version of a superuser?

Question130: To be considered a strong algorithm, an encryption algorithm must be which of the following?

Question131: With regard to defense-in-depth, which of the following statements about network design principles is correct?

Question132: Which of the following is required to be backed up on a domain controller to recover Active Directory?

Question133: What protocol is a WAN technology?

Question134: Which of the following tools is used to query the DNS servers to get detailed information about IP addresses, MX records, and NS servers?

Question135: What cryptographic technique does file Integrity monitoring employ?

Question136: Your CIO has found out that it is possible for an attacker to clone your company's RFID (Radio Frequency ID) based key cards. The CIO has tasked you with finding a way to ensure that anyone entering the building is an employee. Which of the following authentication types would be the appropriate solution to this problem?

Question137: When designing wireless networks, one strategy to consider is implementing security mechanisms at all layers of the OSI model. Which of the following protection mechanisms would protect layer 1?

Question138: Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?

Question139: Which of the following are the types of access controls?
Each correct answer represents a complete solution. Choose three.

Question140: Which layer of the TCP/IP Protocol Stack Is responsible for port numbers?

Question141: To update from a Windows Server Update Services (WSUS) server, users of the machine must have what rights, If any?

Question142: IPS devices that are classified as "In-line NIDS" devices use a combination of anomaly analysis, signature- based rules, and what else to identify malicious events on the network?

Question143: You have set up a local area network for your company. Your firewall separates your network into several sections: a DMZ with semi-public servers (web, dns, email) and an intranet with private servers. A penetration tester gains access to both sections and installs sniffers in each. He is able to capture network traffic for all the devices in the private section but only for one device (the device with the sniffer) in the DMZ. What can be inferred about the design of the system?

Question144: Which of the following languages enable programmers to store cookies on client computers? Each correct answer represents a complete solution. Choose two.

Question145: You are responsible for technical support at a company. One of the employees complains that his new laptop cannot connect to the company wireless network. You have verified that he is entering a valid password/passkey. What is the most likely problem?

Question146: Which of the following is generally practiced by the police or any other recognized governmental authority?

Question147: How is a Distributed Denial of Service (DDOS) attack distinguished from a regular DOS attack?

Question148: When a packet leaving the network undergoes Network Address Translation (NAT), which of the following is changed?

Question149: Which of the following systems acts as a NAT device when utilizing VMware in NAT mode?

Question150: Which of the following are the types of intrusion detection systems?
Each correct answer represents a complete solution. Choose all that apply.

Question151: The following three steps belong to the chain of custody for federal rules of evidence. What additional step is recommended between steps 2 and 3?
STEP 1 - Take notes: who, what, where, when and record serial numbers of machine(s) in question.
STEP 2 - Do a binary backup if data is being collected.
STEP 3 - Deliver collected evidence to law enforcement officials.

Question152: You ask your system administrator to verify user compliance with the corporate policies on password strength, namely that all passwords will have at least one numeral, at least one letter, at least one special character and be 15 characters long. He comes to you with a set of compliance tests for use with an offline password cracker. They are designed to examine the following parameters of the password:
* they contain only numerals
* they contain only letters
* they contain only special characters
* they contain only letters and numerals
* they contain only letters and special characters
* they contain only numerals and special characters
Of the following, what is the benefit to using this set of tests?

Question153: You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS).
You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?

Question154: Which type of risk assessment results are typically categorized as low, medium, or high-risk events?

Question155: You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Question156: Analyze the following screenshot. What conclusion can be drawn about the user account shown?

Question157: Which of the following heights of fence deters only casual trespassers?

Question158: Who is responsible for deciding the appropriate classification level for data within an organization?

Question159: When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as.

Question160: Your organization is developing a network protection plan. No single aspect of your network seems more important than any other. You decide to avoid separating your network into segments or categorizing the systems on the network. Each device on the network is essentially protected in the same manner as all other devices.
This style of defense-in-depth protection is best described as which of the following?

Question161: Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?