SANS - SEC530 Questions with Answers (100% Correct Answers)
Which of the following is a recommended USB keyboard mitigation for sites requiring high security?
A) Disable USB ports in the system.
B) Restrict USB devices with approved PIDs and VIDs.
C) Block the USB devices physically.
D) Restrict USB devices with approved user accounts.
Answer: C) Block the USB devices physically.
Which of the following Cisco IOS commands is used to shut the port down automatically when the maximum number of MAC addresses is exceeded?
A) switchport port-security violation shutdown
B) switchport port-security limit rate source-mac-shutdown
C) switchport port-security violation auto-shutdown
D) switchport port-security mac-exceed-port-shutdown
Answer: A) switchport port-security violation shutdown
© 2025 All rights reserved
What is a common failing associated with focusing only on compliance-driven security?
A) Compliance-driven security tends to focus only on hardening internal systems.
B) Compliance-driven security tends to focus only on hardening the perimeter.
C) Compliance-driven security tends to be costly in terms of solutions and resources.
D) Compliance-driven security tends to fail in the face of a persistent adversary.
Answer: D) Compliance-driven security tends to fail in the face of a persistent adversary.
Which of the following is described by Lockheed Martin as a countermeasure action to the Kill Chain?
A) Disrupt
B) Prevent
C) React
D) Remove
Answer: A) Disrupt
What is an easy-to-implement and effective control an organization can leverage to make pivoting more difficult for an attacker?
A) WPA2
B) P2P patching
C) Private VLAN
D) VPN
Answer: C) Private VLAN
Which type of private VLAN ports may only communicate with promiscuous ports?
A) Isolated
B) Promiscuous
C) Network
D) Community
Answer: A) Isolated
Which of the following wireless standards supports up to 1300 Mbps?
A) 802.11b
B) 802.11ac
C) 802.11n
D) 802.11w
Answer: B) 802.11ac
In which phase of the security architecture design lifecycle are threat modeling and attack surface analysis conducted?
A) Scan
B) Discover and Assess
C) Plan
D) Design
Answer: C) Plan
Which of the following is the best practice to mitigate against the Cisco Discovery Protocol (CDP) information leakage attack?
A) Disable the CDP unless expressly required.
B) No mitigations are needed since CDP is secure by default.
C) Schedule the CDP patch regularly.