SANS - SEC 301 and CCNA Learning Set
Questions and Correct Answers / Latest Update / Already Graded
Everyone can do everything they need to do and nothing more.
Failure examples: Bradley Manning / WikiLeaks; the Target breach via an HVAC vendor's access
Ans: Principle of Least Privilege
The cornerstone of all security: everything done in security addresses
one or more of these three things:
Confidentiality, Integrity, Availability
Confidentiality - only those who need to access something can; ties
into the principle of least privilege
Integrity - data is changed correctly and only by the right people. Failure ex.:
Delta sold $5 round-trip tickets to anywhere Delta flies after an attack on
its pricing database
Availability - if you cannot use it, why do you have it?
Ans: CIA Triad
Sectors where this is the primary concern: pharmaceuticals, government, research
Ans: Confidentiality
All rights reserved © 2025/ 2026 |
, Page |2
Financial records; maintained in part by confidentiality
Ans: Integrity
eCommerce ex.: Amazon makes about $133,000 per minute, so a denial of
service is a critical business impact; a power company needs to keep the
lights on = availability issue
Ans: Availability
Authentication, Authorization, Accountability
Ans: AAA
Detailed steps to make policy happen
Ans: Procedure
Policy, Procedure and Training
Ans: PPT
Users must know what policies and procedures say to follow them.
Ans: Training
Broad general statement of management's intent to protect
information
Ans: Policy
A security professional needs to be:
1/3 technologist
1/3 manager
1/3 lawyer
-This is the perfect summation of the career field.
-Technology supports security efforts
-Management decisions (and budgets) drive security
-Legal issues mandate security requirements
Ans: Security by Thirds
Senior Mgmt:
-Has legal responsibility to protect the assets of the org, which
gives them the ultimate responsibility for security
-Authority can be delegated - responsibility cannot be
Data owner - person or office with primary responsibility for data;
owners determine classification, protective measures and more
Data custodian - the person/group that implements the controls and
makes sure the owner's decisions happen
Users - use data; are also automatically data custodians
Ans: Security Roles and Responsibilities
safety of people
Ans: Number 1 Goal of Security
Years ago: teenagers
Today: we face organized crime and nation states
-well funded
-highly motivated
Disgruntled insider: difficult to counter; tends to be subtle; often
damaging or even devastating
Accidental insider: common; also tends to be subtle; in aggregate, even
more damaging