EMT Practice Test

1. Question Content...


Question List

Question1: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question2: In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Question3: What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Question4: Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Question5: Which of the following represents the GREATEST risk to data confidentiality?

Question6: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Question7: Which of the following could cause a Denial of Service (DoS) against an authentication system?

Question8: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question9: A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its
20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Question10: Which of the following is a PRIMARY advantage of using a third-party identity service?

Question11: What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Question12: Which of the following mobile code security models relies only on trust?

Question13: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Question14: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Question15: An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Question16: The use of private and public encryption keys is fundamental in the implementation of which of the following?

Question17: At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Question18: Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?

Question19: Which of the following is an initial consideration when developing an information security management system?

Question20: Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Question21: Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Question22: Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Question23: An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Question24: A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation.
What MUST an administrator review to audit a user's access to data files?

Question25: Which security service is served by the process of encryption plaintext with the sender's private key and decrypting cipher text with the sender's public key?

Question26: What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Question27: Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Question28: Who in the organization is accountable for classification of data information assets?

Question29: Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?

Question30: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Question31: What is the PRIMARY reason for implementing change management?

Question32: In which of the following programs is it MOST important to include the collection of security process data?

Question33: With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Question34: Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Question35: What is the purpose of an Internet Protocol (IP) spoofing attack?

Question36: What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?