EMT Practice Test

1. Question Content...


Question List

Question1: Management has requested an additional layer of remote access control to protect a critical database that is hosted online. Which of the following would 8EST provide this protection?

Question2: Which of the following BEST offers data encryption, authentication, and integrity of data flowing between a server and the client?

Question3: Your enterprise SIEM system is configured to collect andanalyze log data from various sources. Beginning at12:00 AM on December 4, 2024, until 1:00 AM(Absolute), several instances of PowerShell arediscovered executing malicious commands andaccessing systems outside of their normal workinghours.
What is the physical address of the web server that wastargeted with malicious PowerShell commands?

Question4: Which of the following is foundational for implementing a Zero Trust model?

Question5: Which of (he following is the PRIMARY reason to regularly review firewall rules?

Question6: The CISO has received a bulletin from law enforcementauthorities warning that the enterprise may be at risk ofattack from a specific threat actor. Review the bulletin named CCOA Threat Bulletin.pdf on the Desktop.
Which of the following domain name(s) from the CCOAThreat Bulletin.pdf was contacted between 12:10 AMto 12:12 AM (Absolute) on August 17, 2024?

Question7: Which ofthe following is .1 PRIMARY output from the development of a cyber risk management strategy?

Question8: Which of the following is the PRIMARY benefit of a cybersecurity risk management program?

Question9: Following a ransomware incident, the network teamprovided a PCAP file, titled ransom.pcap, located in theInvestigations folder on the Desktop.
What is the full User-Agent value associated with theransomware demand file download. Enter your responsein the field below.

Question10: Which of the following should be the ULTIMATE outcome of adopting enterprise governance of information and technology in cybersecurity?

Question11: The PRIMARY function of open source intelligence (OSINT) is:

Question12: Exposing the session identifier in a URL is an example of which web application-specific risk?

Question13: In the Open Systems Interconnection (OSI) Model for computer networking, which of the following is the function of the network layer?

Question14: Which of the following is the MOST important reason to limit the number of users with local admin privileges on endpoints?

Question15: In which phase of the Cyber Kill Chain" would a red team run a network and port scan with Nmap?

Question16: A small organization has identified a potential risk associated with its outdated backup system and has decided to implement a new cloud-based real-time backup system to reduce the likelihood of data loss. Which of the following risk responses has the organization chosen?

Question17: Which of the following tactics is associated with application programming interface (API) requests that may result in bypassing access control checks?

Question18: Which of the following risks is MOST relevant to cloud auto-scaling?

Question19: On the Analyst Desktop is a Malware Samples folderwith a file titled Malscript.viruz.txt.
Based on the contents of the malscript.viruz.txt, whichthreat actor group is the malware associated with?

Question20: The network team has provided a PCAP file withsuspicious activity located in the Investigations folderon the Desktop titled, investigation22.pcap.
What is the filename of the webshell used to control thehost 10.10.44.200? Your response must include the fileextension.

Question21: Which of the following can be used to identity malicious activity through a take user identity?

Question22: Which of the following MOST directly supports the cybersecurity objective of integrity?

Question23: Which ofthe following is a type of middleware used to manage distributed transactions?

Question24: A bank employee is found to beexfiltrationsensitive information by uploading it via email. Which of the following security measures would be MOST effective in detecting this type of insider threat?

Question25: The enterprise is reviewing its security posture byreviewing unencrypted web traffic in the SIEM.
How many logs are associated with well knownunencrypted web traffic for the month of December2023 (Absolute)? Note: Security Onion refers to logsas documents.

Question26: Which of the following is the MOST effective approach for tracking vulnerabilities in an organization's systems and applications?

Question27: Which of the following Is a PRIMARY function of a network intrusion detection system (IDS)?

Question28: An attacker has compromised a number of systems on an organization'snetwork andisexfiltrationdata Usingthe Domain Name System (DNS) queries. Whichof the following is the BEST mitigation strategy to prevent data exfiltration using this technique?
mitigation strategy to prevent data exfiltration using this technique?

Question29: Which of the following MOST effectively minimizes the impact of a control failure?

Question30: Which of the following is the MOST common output of a vulnerability assessment?

Question31: A change advisory board Is meeting to review a remediation plan for a critical vulnerability, with a cybersecurity analyst in attendance. When asked about measures to address post-implementation issues, which o! the following would be the analyst's BEST response?

Question32: Which ofthe following is the PRIMARY purpose of load balancers in cloud networking?

Question33: An organization continuously monitors enforcement of the least privilege principle and requires users and devices to re-authenticate at multiple levels of a system. Which type of security model has been adopted?

Question34: Which type of cloud deployment model is intended to be leveraged over the Internet by many organizations with varying needs and requirements?

Question35: Which of the following controls would BEST prevent an attacker from accessing sensitive data from files or disk images that have been obtained either physically or via the network?

Question36: An insecure continuous integration and continuous delivery (CI/CD) pipeline would MOST likely lead to:

Question37: The enterprise is reviewing its security posture byreviewing unencrypted web traffic in the SIEM.
How many unique IPs have received well knownunencrypted web connections from the beginning of2022 to the end of 2023 (Absolute)?

Question38: The network team has provided a PCAP file withsuspicious activity located in the Investigations folderon the Desktop titled, investigation22.pcap.
What date was the webshell accessed? Enter the formatas YYYY-MM-DD.

Question39: During a post-mortem incident review meeting, it is noted that a malicious attacker attempted to achieve network persistence by using vulnerabilities that appeared to be lower risk but ultimately allowed the attacker to escalate their privileges. Which ofthe following did the attacker MOST likely apply?

Question40: Question 1 and 2
You have been provided with authentication logs toinvestigate a potential incident. The file is titledwebserver- auth-logs.txt and located in theInvestigations folder on the Desktop.
Which IP address is performing a brute force attack?
What is the total number of successful authenticationsby the IP address performing the brute force attack?

Question41: Which of the following roles typically performs routine vulnerability scans?

Question42: Which of the following processes is MOST effective for reducing application risk?

Question43: Your enterprise has received an alert bulletin fromnational authorities that the network has beencompromised at approximately 11:00 PM (Absolute) onAugust 19, 2024. The alert is located in the alerts folderwith filename, alert_33.pdf.
Use the IOCs to find the compromised host. Enter thehost name identified in the keyword agent.name fieldbelow.

Question44: An organization's financial data was compromised and posted online. The forensics review confirms proper access rights and encryption of the database at the host site. A lack of which of the following controls MOST likely caused the exposure?

Question45: Which of the following is the BEST way for an organization to balance cybersecurity risks and address compliance requirements?

Question46: Which of the following utilities is MOST suitable for administrative tasks and automation?

Question47: Which type of access control can be modified by a user or data owner?

Question48: Which of the following is the GREATEST risk resulting from a Domain Name System (DNS) cache poisoning attack?

Question49: Before performing a penetration test for a client, it is MOST crucial to ensure:

Question50: As part of a penetration testing program, which team facilitates education and training of architects and developers to encourage better security and awareness?

Question51: An organization uses containerization for its business application deployments, and all containers run on the same host, so they MUST share the same:

Question52: Following a ransomware incident, the network teamprovided a PCAP file, titled ransom.pcap, located in theInvestigations folder on the Desktop.
What is the name of the file containing the ransomwaredemand? Your response must include the fileextension.

Question53: Which of the following is the PRIMARY security related reason to use a tree network topology rather than a bus network topology?

Question54: Most of the operational responsibility remains with the customerin which of the following cloudservice models?

Question55: A nation-state that is employed to cause financial damage on an organization is BEST categorized as:

Question56: Which ruleset can be applied in the /home/administrator/hids/ruleset/rules directory?
Double-click each image to view it larger.


Question57: Which of the following BEST enables an organization to identify potential security threats by monitoring and analyzing network traffic for unusual activity?

Question58: The user of the Accounting workstation reported thattheir calculator repeatedly opens without their input.
The following credentials are used for thisquestion.
Username:Accounting
Password:1x-4cc0unt1NG-x1
Using the provided credentials, SSH to the Accountingworkstation and generate a SHA256 checksum of the filethat triggered RuleName Suspicious PowerShell usingeither certutil or Get-FileHash of the file causing theissue. Copy the hash and paste it below.

Question59: The CISO has received a bulletin from law enforcementauthorities warning that the enterprise may be at risk ofattack from a specific threat actor. Review the bulletin named CCOA Threat Bulletin.pdf on the Desktop.
Which host IP was targeted during the following timeframe: 11:39 PM to 11:43 PM (Absolute) on August
16,2024?

Question60: Which of the following would BCST enable an organization to prioritize remediation activities when multiple vulnerabilities are identified?

Question61: Which of the following is a PRIMARY risk that can be introduced through the use of a site-to-site virtual private network (VPN) with a service provider?

Question62: Which layer ofthe TCP/IP stack promotes the reliable transmission of data?

Question63: Which of the following is a KEY difference between traditional deployment methods and continuous integration/continuous deployment (CI/CD)?

Question64: Which of the following should be completedFIRSTin a data loss prevention (OLP) system implementation project?

Question65: Which of the following is MOST important for maintaining an effective risk management program?