EMT Practice Test
1. Question Content...
Question6: Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
Question14: What is the ultimate objective of information classification?
Question15: What does secure authentication with logging provide?
Question17: Which of the following analyses is performed to protect information assets?
Question19: Which of the following threats exists with an implementation of digital signatures?
Question24: At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
Question26: Mandatory Access Controls (MAC) are based on:
Question27: Which of the following initiates the systems recovery phase of a disaster recovery plan?
Question35: Which of the following is a remote access protocol that uses a static authentication?
Question36: Which of the following is the MOST beneficial to review when performing an IT audit?
Question38: Which of the following is an appropriate source for test data?
Question39: What is the difference between media marking and media labeling?
Question40: What should an auditor do when conducting a periodic audit on media retention?
Question45: When can a security program be considered effective?
Question51: Why must all users be positively identified prior to using multi-user computers?
Question53: Which of the following is true of Service Organization Control (SOC) reports?
Question57: What does the Maximum Tolerable Downtime (MTD) determine?
Question58: Which type of fire alarm system sensor is intended to detect fire at its earliest stage?
Question60: A disadvantage of an application filtering firewall is that it can lead to
Question63: What is the foundation of cryptographic functions?
Question78: What is the PRIMARY purpose of auditing, as it relates to the security review cycle?
Question87: Which one of the following is a common risk with network configuration management?
Question89: Secure real-time transport protocol (SRTP) provides security for which of the following?
Question90: When is a Business Continuity Plan (BCP) considered to be valid?
Question91: Data leakage of sensitive information is MOST often concealed by which of the following?
Question95: Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
Question96: Which of the following is the MOST crucial for a successful audit plan?
Question102: Logical access control programs are MOST effective when they are
Question110: Individual access to a network is BEST determined based on
Question114: Which of the following is a method of attacking internet (IP) v6 Layer 3 and Layer 4 ?
Question117: Which of the following will accomplish Multi-Factor Authentication (MFA)?
Question119: Which of the following is a PRIMARY challenge when running a penetration test?
Question121: Which of the following is used to detect steganography?
Question129: Which of the following is the MOST difficult to enforce when using cloud computing?
Question131: What is the purpose of an Internet Protocol (IP) spoofing attack?
Question134: An organization's information security strategic plan MUST be reviewed
Question140: What is one way to mitigate the risk of security flaws in custom software?
Question144: What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
Question146: Which one of the following affects the classification of data?
Question147: Which of the following is the FIRST step during digital identity provisioning?
Question148: Which of the following is a characteristic of convert security testing?
Question150: Why are mobile devices something difficult to investigate in a forensic examination?
Question152: Discretionary Access Control (DAC) restricts access according to
Question157: What are the roles within a scrum methodoligy?
Question158: Which of the following steps is performed during the forensic data analysis phase?
Question166: What is the FIRST step required in establishing a records retention program?
Question167: In order for a security policy to be effective within an organization, it MUST include
Question177: The PRIMARY purpose of a security awareness program is to
Question178: Which of the following methods provides the MOST protection for user credentials?
Question180: Which of the following would an internal technical security audit BEST validate?
Question183: With data labeling, which of the following MUST be the key decision maker?
Question185: Are companies legally required to report all data breaches?
Question187: The overall goal of a penetration test is to determine a system's
Question196: In a basic SYN flood attack, what is the attacker attempting to achieve?
Question198: The BEST method to mitigate the risk of a dictionary attack on a system is to
Question206: Data remanence is the biggest threat in which of the following scenarios?
Question213: Which of the following is the PRIMARY issue when analyzing detailed log information?
Question215: Which of the following is a responsibility of a data steward?
Question218: Which of the following is the MOST common method of memory protection?
Question219: Copyright provides protection for which of the following?
Question222: Which of the following MUST be in place to recognize a system attack?
Question225: Which of the following techniques is effective to detect taps in fiber optic cables?
Question237: Reciprocal backup site agreements are considered to be
Question241: What does a Synchronous (SYN) flood attack do?
Question245: Which of the following is the BEST technique to facilitate secure software development?
Question247: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Question250: Which of the following is the MAIN reason for using configuration management?
Question262: What is the PRIMARY goal of fault tolerance?
Question263: The 802.1x standard provides a framework for what?
Question269: Which of the following is most helpful in applying the principle of LEAST privilege?
Question274: What is the MOST efficient way to secure a production program and its data?
Question275: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
Question278: Determining outage costs caused by a disaster can BEST be measured by the
Question283: What does an organization FIRST review to assure compliance with privacy requirements?
Question287: Which of the following is the MAIN goal of a data retention policy?
Question288: What Is the FIRST step in establishing an information security program?
Question290: The PRIMARY security concern for handheld devices is the
Question293: What is the MOST common component of a vulnerability management framework?
Question298: Which of the following BEST provides for non-repudiation od user account actions?








