SANS Security Exam 2024/2025 fully
solved & updated
The elements of the CIA are - ANSWER-Confidentiality, Integrity, Availability
Which role always has ultimate responsibility for security in an organization? -
ANSWER-Senior Manager
What is the goal of most Cyber Threats today? - ANSWER-Make money for the
attacker
What is the name of the role with primary responsibility for data? - ANSWER-Data
Owner
What role is responsible for implementing controls on data? - ANSWER-Data
Custodian
The term due care means that senior management has a legal responsibility to -
ANSWER-Act as a reasonable person would act in protecting assets
Who in the organization determines if risk is acceptable? - ANSWER-Chief
Executive Officer (CEO)
The term Exposure Factor means - ANSWER-The percentage of asset value loss
The term Single Loss Expectancy means - ANSWER-What is costs each time a
threat materializes
The formula to arrive at Annual Loss Expectancy is - ANSWER-Annual Rate of
Occurance * Single Loss Expectancy
, The formula to arrive at Single Loss Expectancy is - ANSWER-Asset Value *
Exposure Factor
Which approach to Risk Assessment is based on money? - ANSWER-Quantitative
Which approach to Risk Assessment is based on severity and likelihood? -
ANSWER-Qualitative
Of the three control areas, which deals with authentication? - ANSWER-Technical
Controls
Of the three control types, which deals with authentication? - ANSWER-
Preventive
Which Risk Strategy deals with stopping risky activities or business practices? -
ANSWER-Risk Avoidance
Which Risk Strategy involves buying insurance? - ANSWER-Risk Transference
Separation of duties means - ANSWER-No person has control of a critical
process from beginning to end
If completed correctly, a Non-Disclosure Agreement (NDA) is a legally binding
contract - ANSWER-True
What defines and dictates proper policy in any organization? - ANSWER-The
corporate culture of the organization
All awareness training must be - ANSWER-Documented
A broad, general statement of management intent defines - ANSWER-A policy
Dual control means - ANSWER-No person can access data alone; it takes two
people
When you delete a file on a Windows computer, what happens? - ANSWER-It
moves to the Recycle Bin, but is still on the disk
When you empty the Recycle Bin in Windows, what happens? - ANSWER-The
first letter of each file is removed-the system can't find the file
solved & updated
The elements of the CIA are - ANSWER-Confidentiality, Integrity, Availability
Which role always has ultimate responsibility for security in an organization? -
ANSWER-Senior Manager
What is the goal of most Cyber Threats today? - ANSWER-Make money for the
attacker
What is the name of the role with primary responsibility for data? - ANSWER-Data
Owner
What role is responsible for implementing controls on data? - ANSWER-Data
Custodian
The term due care means that senior management has a legal responsibility to -
ANSWER-Act as a reasonable person would act in protecting assets
Who in the organization determines if risk is acceptable? - ANSWER-Chief
Executive Officer (CEO)
The term Exposure Factor means - ANSWER-The percentage of asset value loss
The term Single Loss Expectancy means - ANSWER-What is costs each time a
threat materializes
The formula to arrive at Annual Loss Expectancy is - ANSWER-Annual Rate of
Occurance * Single Loss Expectancy
, The formula to arrive at Single Loss Expectancy is - ANSWER-Asset Value *
Exposure Factor
Which approach to Risk Assessment is based on money? - ANSWER-Quantitative
Which approach to Risk Assessment is based on severity and likelihood? -
ANSWER-Qualitative
Of the three control areas, which deals with authentication? - ANSWER-Technical
Controls
Of the three control types, which deals with authentication? - ANSWER-
Preventive
Which Risk Strategy deals with stopping risky activities or business practices? -
ANSWER-Risk Avoidance
Which Risk Strategy involves buying insurance? - ANSWER-Risk Transference
Separation of duties means - ANSWER-No person has control of a critical
process from beginning to end
If completed correctly, a Non-Disclosure Agreement (NDA) is a legally binding
contract - ANSWER-True
What defines and dictates proper policy in any organization? - ANSWER-The
corporate culture of the organization
All awareness training must be - ANSWER-Documented
A broad, general statement of management intent defines - ANSWER-A policy
Dual control means - ANSWER-No person can access data alone; it takes two
people
When you delete a file on a Windows computer, what happens? - ANSWER-It
moves to the Recycle Bin, but is still on the disk
When you empty the Recycle Bin in Windows, what happens? - ANSWER-The
first letter of each file is removed-the system can't find the file
