EMT Practice Test

1. Question Content...


Question List

Question1: How can an attacker exploit a stack overflow to execute arbitrary code?

Question2: What is the BEST approach to addressing security issues in legacy web applications?

Question3: An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

Question4: Which of the following is a responsibility of the information owner?

Question5: What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?

Question6: Which of the following BEST describles a protection profile (PP)?

Question7: An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Question8: Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers?

Question9: In configuration management, what baseline configuration information MUST be maintained for each computer system?

Question10: Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

Question11: Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

Question12: Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?

Question13: In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

Question14: A system administration office desires to implement the following rules:
- An administrator that is designated as a skill level 3, with 5 years
of experience, is allowed to perform system backups, upgrades, and
local administration.
- An administrator that is designated as a skill level 5, with 10 years of experience, is permitted to perform all actions related to system administration.
Which of the following access control methods MUST be implemented to achieve this goal?

Question15: What capability would typically be included in a commercially available software package designed for access control?

Question16: A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?

Question17: Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?

Question18: A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?

Question19: Which of the following is true of Service Organization Control (SOC) reports?

Question20: A vulnerability test on an Information System (IS) is conducted to

Question21: Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

Question22: Which of the following is the BEST way to protect against structured Query Language (SQL) injection?

Question23: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

Question24: What is the term commonly used to refer to a technique of authentication one machine to another by forging packets from a trusted source?

Question25: Internet protocol security (IPSec), point-to-point tunneling protocol (PPTP), and secure sockets Layer (SSL) all use Which of the following to prevent replay attacks?

Question26: Which of the following is the final phase of the identity and access provisioning lifecycle?

Question27: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Question28: A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST achieve the desired results?

Question29: Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Question30: The adoption of an enterprise-wide business continuilty program requires Which of the folllowing?

Question31: A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C.
The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Question32: Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Question33: Which of the following is used to detect steganography?

Question34: Intellectual property rights are PRIMARY concerned with which of the following?

Question35: The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Question36: Which of the following can be used to calculate the loss event probability?

Question37: Which of the following would an internal technical security audit BEST validate?

Question38: The PRIMARY purpose of accreditation is to:

Question39: An organization implements a Remote Access Server (RAS). Once users correct to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use dring this authentication?

Question40: An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?

Question41: What is the MAIN purpose of a change management policy?

Question42: Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?

Question43: Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

Question44: What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?

Question45: Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system?

Question46: Which of the following BEST describes the responsibilities of a data owner?

Question47: What operations role is responsible for protecting the enterprise from corrupt or contaminated media?

Question48: Which of the following is MOST important when deploying digital certificates?

Question49: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

Question50: Which of the following objects should be removed FIRST prior to uploading code to public code repositories?

Question51: Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

Question52: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Question53: What does electronic vaulting accomplish?

Question54: What is the threat modeling order using process for Attack simu-lation and threat analysis (PASTA)?

Question55: After a breach incident, investigators narrowed the attack to a specific network administrator's credentials. However, there was no evidence to determine how the hackers obtained the credentials. Much of the following actions could have BEST avoided the above breach per the investigation described above?

Question56: A vulnerability in which of the following components would be MOST difficult to detect?

Question57: Secure real-time transport protocol (SRTP) provides security for which of the following?

Question58: After following the processes defined within the change management plan, a super user has upgraded a device within an Information system.
What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Question59: Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?

Question60: Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

Question61: Which of the following authorization standards is built to handle application programming interface (API) access for Federated identity management (FIM)?

Question62: Which of the following is an initial consideration when developing an information security management system?

Question63: Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?

Question64: Drag and Drop Question
Match the types of e-authentication tokens to their description.
Drag each e-authentication token on the left to its corresponding description on the right.

Question65: In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?

Question66: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?

Question67: Which of the following offers the BEST security functionality for transmitting authentication tokens?

Question68: What is the PRIMARY role of a scrum master in agile development?

Question69: Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?

Question70: A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

Question71: A security engineer is tasked with implementing a new identity solution. The client doesn't want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?

Question72: What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

Question73: Who would be the BEST person to approve an organizations information security policy?

Question74: All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Question75: When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

Question76: A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?

Question77: With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Question78: An organization that has achieved a Capability Maturity model Integration (CMMI) level of 4 has done which of the following?

Question79: Which of the following are effective countermeasures against passive network-layer attacks?

Question80: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question81: What Is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?

Question82: When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Question83: An organization publishes and periodically updates its employee policies in a file on their intranet.
Which of the following is a PRIMARY security concern?

Question84: Which of the following is the BEST way to protect against structured Query language (SQL) injection?

Question85: Which of the following is critical if an empolyee is dismissed due to violation of an organization's acceptable use policy (Aup) ?

Question86: Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?

Question87: Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

Question88: Mandatory Access Controls (MAC) are based on:

Question89: Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?

Question90: Individuls have been identified and determined as having a need-to-know for the information.
Which of the following access control methods MUST include a consistent set of rules for controlling and limiting access?

Question91: Access to which of the following is required to validate web session management?

Question92: Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

Question93: Which one of the following affects the classification of data?

Question94: Which layer handle packet fragmentation and reassembly in the Open system interconnection (OSI) Reference model?

Question95: What are the roles within a scrum methodoligy?

Question96: How does Encapsulating Security Payload (ESP) in transport mode affect in the Internet Protocol (IP)?

Question97: Which of the following questions will be addressed through the use of a Privacy Impact Assessment (PIA)?

Question98: Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Question99: Which of the following is a strategy of grouping requirements in developing a security test and Evolution (ST&E)?

Question100: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?

Question101: Which of the following is the PRIMARY benefit of a formalized information classification program?

Question102: Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?

Question103: Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Question104: Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

Question105: Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

Question106: Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

Question107: Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Question108: Which of the following is needed to securely distribute symmetric cryptographic keys?

Question109: What are the roles within a scrum methodology?

Question110: An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder data?

Question111: Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Question112: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions.
Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will MOST likely allow the organization to keep risk at an acceptable level?

Question113: How can an attacker exploit overflow to execute arbitrary code?

Question114: Which of the following is the MOST challenging issue in apprehending cyber criminals?

Question115: Which of the following is the MOST important security goal when performing application interface testing?

Question116: What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

Question117: Which of the following does Secure Sockets Layer (SSL) encryption protect?

Question118: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

Question119: Which of the following is used to support the of defense in depth during development phase of a software product?

Question120: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Question121: Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

Question122: An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Authentication protocol (EAP) would the organization use during this authentication?

Question123: When conduting a security assessment of access controls , Which activity is port of the data analysis phase?

Question124: Which of the following mobile code security models relies only on trust?

Question125: In order to assure authenticity, which of the following are required?

Question126: Which security modes is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

Question127: In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

Question128: Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

Question129: Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?

Question130: In fault-tolerant systems, what do rollback capabilities permit?

Question131: Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Question132: What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)?

Question133: In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

Question134: Why are mobile devices something difficult to investigate in a forensic examinition?

Question135: What is the MOST critical factor to achieve the goals of a security program?

Question136: Which type of test suite should be run for fast feedback during application develoment?

Question137: Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

Question138: A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?

Question139: A continuous information security monitoring program can BEST reduce risk through which of the following?

Question140: Which one of the following describes granularity?

Question141: A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?

Question142: Continuity of operations is BEST supported by which of the following?

Question143: Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Question144: Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?

Question145: Company A is evaluating new software to replace an in-house developed application. During the acquisition process. Company A specified the security retirement, as well as the functional requirements. Company B responded to the acquisition request with their flagship product that runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security -and functional requirements as defined by Company A.
Based upon Company B's response, what step should Company A take?

Question146: Which of the following media is least problematic with data remanence?

Question147: Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)?

Question148: Why is lexical obfuscation in software development discouraged by many organizations?

Question149: What can happen when an Intrusion Detection System (IDS) is installed inside a firewall- protected internal network?

Question150: What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

Question151: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question152: An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit report on its IT system. Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

Question153: The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are requried?

Question154: Which of the following is a remote access protocol that uses a static authentication?

Question155: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?

Question156: Additional padding may be added to the Encapsulating security protocol (ESP) trailer to provide which of the following?

Question157: Which of the following is a credible source to validate that security testing of Commercial Off-The- Shelf (COTS) software has been performed with international standards?

Question158: Digital certificates used transport Layer security (TLS) supprot which of the following?

Question159: Drag and Drop Question
Given a file containing ordered number, i.e. "123456789," match each of the following redundant Array of independent Disks (RAID) levels to the corresponding visual representation visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

Question160: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

Question161: Which of the following describes the BEST configuration management practice?

Question162: A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Question163: Which of the following is a characteristic of convert security testing?

Question164: In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Question165: A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Question166: Where would an organization typically place an endpoint security solution?

Question167: Which of the following is a security limitation of File Transfer Protocol (FTP)?

Question168: What is the MOST effective way to determine a mission critical asset in an organization?

Question169: Which of the following BEST provides for non-repudiation od user account actions?

Question170: The type of authorized interactions a subject can have with an object is

Question171: When a flaw in Industrial control (ICS) software is discovered, what is the GREATEST impediment to deploying a patch?

Question172: Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?

Question173: Which of the following are the FIRST two steps to securing employees from threats involving workplace violence and acts of terrorism?

Question174: Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?

Question175: Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?

Question176: Which of the following techniques is MOST useful when dealing with Advanced persistent Threat (APT) intrusions on live virtualized environments?

Question177: When is a Business Continuity Plan (BCP) considered to be valid?

Question178: Which of the following is the MOST efficient mechanism to account for all staff during a speedy non- emergency evacuation from a large security facility?

Question179: An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Question180: Which of the following is the BEST reason to apply patches manually instead of automated patch management?

Question181: Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?

Question182: A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

Question183: As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Question184: When a system changes significantly, who is PRIMARILY responsible for assessing the security impact?

Question185: When developing a business case for updating a security program, the security program owner MUST do which of the following?

Question186: Drag and Drop Question
What is the correct order of steps in an information security assessment?
Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Question187: What MUST each information owner do when a system contains data from multiple information owners?

Question188: Due to system constraints, a group of system administrators must share a high-level access set of credentials.
Which of the following would be MOST appropriate to implement?

Question189: Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Question190: Who determines the required level of independence for security control Assessors (SCA)?

Question191: Reciprocal backup site agreements are considered to be

Question192: Which of the following steps is performed during the forensic data analysis phase?

Question193: Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?

Question194: Which of the following technologies would provide the BEST alternative to anti-malware software?

Question195: Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?

Question196: What protocol is often used between gateway hosts on the Internet?

Question197: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Question198: Which of the following techniques BEST prevents buffer overflows?

Question199: Attack trees are MOST useful for which of the following?

Question200: What technique used for spoofing the origin of an email can successfully conceal the sender s Internet Protocol (IP) address?

Question201: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question202: At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

Question203: When using Security Assertion markup language (SAML), it is assumed that the principal subject

Question204: What is maintained by using write blocking devices whan forensic evidence is examined?

Question205: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question206: If virus infection is suspected, which of the following is the FIRST step for the user to take?

Question207: Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

Question208: Which of the following is the PRIMARY risk associated with Extensible Markup Language (XML) applications?

Question209: What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

Question210: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Question211: Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Question212: The process of "salting" a password is designed to increase the difficulty of cracking which of the following?

Question213: A group of organizations follows the same access standards and practices. One manages the verification and due diligence processes for the others. For a user to access a resource from one of the organizations, a check is made to see if that user has been certified. Which Federated Identity Management (FIM) process is this an example of?