EMT Practice Test
1. Question Content...
Question1: How can an attacker exploit a stack overflow to execute arbitrary code?
Question2: What is the BEST approach to addressing security issues in legacy web applications?
Question4: Which of the following is a responsibility of the information owner?
Question6: Which of the following BEST describles a protection profile (PP)?
Question19: Which of the following is true of Service Organization Control (SOC) reports?
Question20: A vulnerability test on an Information System (IS) is conducted to
Question23: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?
Question33: Which of the following is used to detect steganography?
Question34: Intellectual property rights are PRIMARY concerned with which of the following?
Question36: Which of the following can be used to calculate the loss event probability?
Question37: Which of the following would an internal technical security audit BEST validate?
Question38: The PRIMARY purpose of accreditation is to:
Question41: What is the MAIN purpose of a change management policy?
Question43: Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
Question46: Which of the following BEST describes the responsibilities of a data owner?
Question48: Which of the following is MOST important when deploying digital certificates?
Question51: Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
Question53: What does electronic vaulting accomplish?
Question56: A vulnerability in which of the following components would be MOST difficult to detect?
Question57: Secure real-time transport protocol (SRTP) provides security for which of the following?
Question68: What is the PRIMARY role of a scrum master in agile development?
Question73: Who would be the BEST person to approve an organizations information security policy?
Question88: Mandatory Access Controls (MAC) are based on:
Question91: Access to which of the following is required to validate web session management?
Question93: Which one of the following affects the classification of data?
Question95: What are the roles within a scrum methodoligy?
Question108: Which of the following is needed to securely distribute symmetric cryptographic keys?
Question109: What are the roles within a scrum methodology?
Question113: How can an attacker exploit overflow to execute arbitrary code?
Question114: Which of the following is the MOST challenging issue in apprehending cyber criminals?
Question117: Which of the following does Secure Sockets Layer (SSL) encryption protect?
Question124: Which of the following mobile code security models relies only on trust?
Question125: In order to assure authenticity, which of the following are required?
Question130: In fault-tolerant systems, what do rollback capabilities permit?
Question134: Why are mobile devices something difficult to investigate in a forensic examinition?
Question135: What is the MOST critical factor to achieve the goals of a security program?
Question136: Which type of test suite should be run for fast feedback during application develoment?
Question140: Which one of the following describes granularity?
Question141: A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
Question142: Continuity of operations is BEST supported by which of the following?
Question146: Which of the following media is least problematic with data remanence?
Question148: Why is lexical obfuscation in software development discouraged by many organizations?
Question154: Which of the following is a remote access protocol that uses a static authentication?
Question161: Which of the following describes the BEST configuration management practice?
Question163: Which of the following is a characteristic of convert security testing?
Question166: Where would an organization typically place an endpoint security solution?
Question167: Which of the following is a security limitation of File Transfer Protocol (FTP)?
Question169: Which of the following BEST provides for non-repudiation od user account actions?
Question170: The type of authorized interactions a subject can have with an object is
Question177: When is a Business Continuity Plan (BCP) considered to be valid?
Question190: Who determines the required level of independence for security control Assessors (SCA)?
Question191: Reciprocal backup site agreements are considered to be
Question192: Which of the following steps is performed during the forensic data analysis phase?
Question196: What protocol is often used between gateway hosts on the Internet?
Question198: Which of the following techniques BEST prevents buffer overflows?
Question199: Attack trees are MOST useful for which of the following?
Question202: At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
Question204: What is maintained by using write blocking devices whan forensic evidence is examined?


