EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following threats exists with an implementation of digital signatures?

Question2: Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?

Question3: As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

Question4: Users require access rights that allow them to view the average salary of groups of employees.
Which control would prevent the users from obtaining an individual employee's salary?

Question5: Which of the following are core categories of malicious attack against Internet of Things (IOT) devices?

Question6: An organization publishes and periodically updates its employee policies in a file on their intranet.
Which of the following is a PRIMARY security concern?

Question7: Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Question8: Which of the following would an internal technical security audit BEST validate?

Question9: What is the PRIMARY reason for implementing change management?

Question10: The PRIMARY purpose of accreditation is to:

Question11: The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

Question12: Which of the following Service Organization Control (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

Question13: An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?

Question14: Which of the following is the MOST important security goal when performing application interface testing?

Question15: Which of the following is the BEST reason to apply patches manually instead of automated patch management?

Question16: A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Question17: Which of the following is the weakest form of protection for an application that handles Personally Identifiable Information (PII)?

Question18: Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?

Question19: When deploying en Intrusion Detection System (IDS) on a high-volume network, the need to distribute the load across multiple sensors would create which technical problem?

Question20: Which of the following initiates the systems recovery phase of a disaster recovery plan?

Question21: What is the MAIN reason for having a developer sign a Non-Disclosure Agreement (NDA)?

Question22: A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?

Question23: Although code using a specific program language may not be susceptible to a buffer overflow attack,

Question24: Which of the following alarm systems is recommended to detect intrusions through windows in a high- noise, occupied environment?

Question25: Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (ALP)?

Question26: Which of the following is MOST important when deploying digital certificates?

Question27: From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?

Question28: Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Question29: Which of the following should be included in a hardware retention policy?
Which of the following should be included in a hardware retention policy?

Question30: Which of the following is a direct monetary cost of a security incident?

Question31: An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

Question32: Which of the following is the BEST metric to obtain when gaining support for an Identify and Access Management (IAM) solution?

Question33: Which of the following is a common characteristic of privacy?

Question34: As a security manger which of the following is the MOST effective practice for providing value to an organization?

Question35: Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system?

Question36: What is a warn site when conducting Business continuity planning (BCP)

Question37: An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

Question38: Which of the following is an initial consideration when deveoping an information security management system (ISMS)?

Question39: Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

Question40: Which of the following should be included a hardware retention policy?

Question41: What is the FIRST action a security professional needs to take while assessing an organization's asset security in order to properly classify and protect access to data?

Question42: Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Question43: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

Question44: Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?

Question45: Digital certificates used in Transport Layer Security (TLS) support which of the following?

Question46: Which of the following practices provides the development of security and identification of threats in designing software?

Question47: How is remote authentication Dial-In user service (RADIUS) authentication accomplished?

Question48: In which identity management process is the subject's identity established?

Question49: All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Question50: Mandatory Access Controls (MAC) are based on:

Question51: A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Question52: What is the FIRST step requird in establishing a records retention program?

Question53: Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

Question54: A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?

Question55: Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?

Question56: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question57: Which of the following authorization standards is built to handle application programming interface (API) access for Federated identity management (FIM)?

Question58: During a recent assessment an organization has discovered that the wireless signal can be detected outside the campus area. What logical control should be implemented in order to BFST protect One confidentiality of information traveling One wireless transmission media?

Question59: What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)?

Question60: Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers?

Question61: The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

Question62: Which of the following is part of a Trusted Platform Module (TPM)?

Question63: What is the MOST effective way to determine a mission critical asset in an organization?

Question64: copyright provides protection for which of the following?

Question65: Utilizing a public wireless Local Area network (WLAN) to connect to a private network should be done only in which of the following situations?

Question66: Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?

Question67: A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

Question68: Which of the following techniques BEST prevents buffer overflows?

Question69: Which is the second phase of public key Infrastructure (pk1) key/certificate life-cycle management?

Question70: Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?

Question71: Which of the following is the PRIMARY risk associated with Extensible Markup Language (XML) applications?

Question72: Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

Question73: Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

Question74: An employee receives a promotion that entities them to access higher-level functions on the company's accounting system, as well as keeping their access to the previous system that is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?

Question75: A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

Question76: An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder data?

Question77: A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Question78: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?

Question79: What determines the level of security of a combination lock?

Question80: When developing a business case for updating a security program, the security program owner MUST do which of the following?

Question81: Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information form malicious software?

Question82: For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

Question83: Which of the following MUST a security policy include to be effective within an organization?

Question84: Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?

Question85: Where would an organization typically place an endpoint security solution?

Question86: Which of the following is the MOST important reason for timely installation of software patches?

Question87: A project requires the use of en authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used?

Question88: An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

Question89: Which of the following is the MOST crucial for a successful audit plan?

Question90: A company has decided that they need to begin maintaining assets deployed in the enterprise.
What approach should be followed to determine and maintain ownership information to bring the company into compliance?

Question91: In The Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

Question92: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question93: Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Question94: An advantage of link encryption in a communications network is that it

Question95: An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Question96: Which would result in the GREATEST import following a breach to a cloud environmet?

Question97: As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

Question98: At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Question99: Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?

Question100: When selecting a disk encryption technology, which of the following MUST also be assured to be encrypted?

Question101: What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

Question102: What is the expected outcome of security awareness in support of a security awareness program?

Question103: Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?

Question104: A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?

Question105: Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Question106: Which of the following global privacy legislation principles ensures that data handling policies and the name of the data controller are easily accessible to the public?

Question107: Which of the following controls is the most for a system identified as critical in terms of data and function to the organization?

Question108: What is the motivation for use of the Online Certificate Status Protocol (OCSP)?

Question109: Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Question110: What is the threat modeling order using process for Attack simu-lation and threat analysis (PASTA)?

Question111: Drag and Drop Question
Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question112: Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Question113: An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Authentication protocol (EAP) would the organization use during this authentication?

Question114: What Is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?

Question115: Which of the following four iterative steps are conducted on third-party vendors in an on-going basis?

Question116: What does electronic vaulting accomplish?

Question117: What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or applications is granted?

Question118: Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?

Question119: An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

Question120: Which of the following BEST describes how access to a system is granted to federated user accounts?

Question121: What is the PRIMARY goal of fault tolerance?

Question122: Which of the following is an example of two-factor authentication?

Question123: Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?

Question124: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Question125: Company A is evaluating new software to replace an in-house developed application. During the acquisition process. Company A specified the security retirement, as well as the functional requirements. Company B responded to the acquisition request with their flagship product that runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security -and functional requirements as defined by Company A.
Based upon Company B's response, what step should Company A take?

Question126: A security practitioner is tasked with securing the organization's Wireless Access Points (WAP).
Which of these is the MOST effective way of restricting this environment to authorized users?

Question127: Which of the following mandates the amount and complexity of security controls applied to a security risk?

Question128: A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

Question129: Which of the following in the BEST way to reduce the impect of an externlly sourced flood attack?

Question130: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?

Question131: What are the roles within a scrum methodoligy?

Question132: How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?

Question133: Drag and Drop Question
Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength.
Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

Question134: A vulnerability test on an Information System (IS) is conducted to

Question135: Which of the following is needed to securely distribute symmetric cryptographic keys?

Question136: Copyright provides protection for which of the following?

Question137: An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

Question138: What does a Synchronous (SYN) flood attack do?

Question139: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question140: Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

Question141: Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Question142: Which of the following is critical if an empolyee is dismissed due to violation of an organization's acceptable use policy (Aup) ?

Question143: Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization is developing its own software?

Question144: Which of the following MOST applies to session initiation protocal (SIP) security?

Question145: Which one of the following affects the classification of data?

Question146: Which of the following is used to support the of defense in depth during development phase of a software product?

Question147: Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

Question148: An organization wants to enable uses to authenticate across multiple security domains. To accomplish this they have decided to use Federated Identity Management (F1M). Which of the following is used behind the scenes in a FIM deployment?

Question149: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Question150: Which of the following is a characteristic of convert security testing?

Question151: If virus infection is suspected, which of the following is the FIRST step for the user to take?

Question152: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Question153: Which of the following will help identify the source internet protocol (IP) address of malware being exected on a computer?

Question154: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

Question155: In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

Question156: Which of the following is an advantage of on-premise Credential Management Systems?

Question157: Drag and Drop Question
Match the types of e-authentication tokens to their description.
Drag each e-authentication token on the left to its corresponding description on the right.

Question158: What is the PRIMARY benefit of analyzing the partition layout of a hard disk volume when performing forensic analysis?

Question159: When conducting a forensic criminal investigation on a computer had drive, what should be dene PRIOR to analysis?

Question160: When should the software Quality Assurance (QA) team feel confident that testing is complete?

Question161: What does the Maximum Tolerable Downtime (MTD) determine?

Question162: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Question163: Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Question164: Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

Question165: During a Disaster Recovery (DR) assessment, additional coverage for assurance is required.
What should en assessor do?

Question166: Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?

Question167: Which of the following presents the PRIMARY concern to an organiztion when setting up a federated single sign-on (SSO) solution with another

Question168: When adopting software as a service (Saas), which security responsibility will remain with remain with the adopting organization?

Question169: Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

Question170: Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Question171: During a fingerprint verification process, which of the following is used to verify identity and authentication?

Question172: The goal of a Business Impact Analysis (BIA) is to determine which of the following?

Question173: Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Question174: What should be used immediately after a Business Continuity Plan (BCP) has been invoked?

Question175: Which of the following has the GREATEST Impact on an organization's security posture?

Question176: Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Question177: What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

Question178: Which of the following is the MOST challenging issue in apprehending cyber criminals?

Question179: An organization operates a legacy Industrial Control System (ICS) to support its core business service, which carrot be replaced. Its management MUST be performed remotely through an administrative console software, which in tum depends on an old version of the Java Runtime Environment (JPE) known to be vulnerable to a number of attacks, How is this risk BEST managed?

Question180: Which of the following can be used to calculate the loss event probability?

Question181: Which of the following is the MOST common method of memory protection?

Question182: Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?

Question183: What is the MAIN purpose for writing planned procedures in the design of Business Continuity Plans (BCP)?

Question184: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Question185: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question186: Which of the following will help prevent improper session handling?

Question187: Which of the following is the FIRST step in the incident response process?

Question188: When conveying the results of a security assessment, which of the following is the PRIMARY audience?

Question189: How does Encapsulating Security Payload (ESP) in transport mode affect in the Internet Protocol (IP)?

Question190: A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

Question191: Which open standard could l large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external application?

Question192: Which one of the following is an advantage of an effective release control strategy form a configuration control standpoint?

Question193: In which of the following programs is it MOST important to include the collection of security process data?

Question194: A vulnerability in which of the following components would be MOST difficult to detect?

Question195: Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Question196: Which of the following is the BEST statement for a professional to include as port of businees continuity (BC) procedure?

Question197: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Question198: Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

Question199: When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

Question200: A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

Question201: Reciprocal backup site agreements are considered to be

Question202: Which is the MOST critical aspect of computer-generated evidence?

Question203: What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

Question204: Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

Question205: Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/ Internet Protocol (TCP/IP) traffic?

Question206: Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

Question207: Which of the following are the FIRST two steps to securing employees from threats involving workplace violence and acts of terrorism?

Question208: Which of the following is a characteristic of a challenge/respones authentication process?

Question209: A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Question210: Internet protocol security (IPSec), point-to-point tunneling protocol (PPTP), and secure sockets Layer (SSL) all use Which of the following to prevent replay attacks?

Question211: An organization implements a Remote Access Server (RAS). Once users correct to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use dring this authentication?

Question212: What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Question213: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Question214: Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?

Question215: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

Question216: Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

Question217: When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?