SANS - SEC530 Actual Exam 2025 SANS
SEC530 Exam Latest Update 2025 Questions
and Correct Answers Rated A+
Which of these methods for delivering software patches in a Windows
enterprise should an organization utilize?
A) Windows Server Update Services
B) Windows Update Delivery Optimization
C) Windows 10 P2P Patching
D) System Patch Management Services -Answer-B) Windows Update
Delivery Optimization
Which project documents common tactics, techniques, and
procedures that advanced persistent threat groups used against
enterprise networks?
A) DEF3NSE
B) DET3CT
C) ATP&CK
D) ATT&CK -Answer-D) ATT&CK
Which type of analysis is less common and is based around
presumption of compromise that the network is already owned?
A) Perimeter analysis
B) Infection analysis
C) Risk analysis
D) Egress analysis -Answer-D) Egress analysis
Which of the following tools is used by attackers to perform ARP
spoofing?
A) Burp Suite
B) Aircrack
C) Ettercap
D) Snort -Answer-C) Ettercap
What does ARP spoofing require that makes many organizations
consider it low probability / low risk?
A) ARP spoofing is an antiquated attack and is no longer a risk for
organizations.
B) ARP spoofing only works on network switches.
C) ARP spoofing requires local Layer 2 access.
D) ARP spoofing only works on wireless network. -Answer-C) ARP
spoofing requires local Layer 2 access.
Which of the following strategies can eliminate duplicate flow logs?
A) Switching to NetFlow V9.
B) Using SDN fabrics.
C) Purchasing a commercial solution.
D) Changing flow logs to only be on internal traffic. -Answer-D)
Changing flow logs to only be on internal traffic.
Which of the following Cisco commands is used to enable DHCP
snooping on a switch to mitigate the rogue DHCP server attack?
A) ip mitigate dhcp-snooping
B) ip enable snooping
C) ip config dhcp snooping
D) ip dhcp snooping -Answer-D) ip dhcp snooping
Which specific security architecture is usually (and too narrowly)
referenced when describing secure architecture?
A) Product-based architecture
B) Host-based architecture
C) Application-based architecture
D) Network-based architecture -Answer-D) Network-based
architecture
Which of the statements regarding NetFlow is correct?
A) NetFlow v12 is the latest NetFlow version.
B) NetFlow is an open standard invented by Palo Alto Networks.
C) NetFlow v5 and v9 are commonly used today.
D) NetFlow v9 supports layer 3 NetFlow and IPv4 only. -Answer-C)
NetFlow v5 and v9 are commonly used today.
Which of the following types of wireless network communication is
described as low-power, low-bandwidth, and short-range?
A) Zigbee
B) 802.11
C) Bluetooth
D) Infrared -Answer-A) Zigbee
Which of the following components are required to collect flow data?
A) Flow exporter, flow collector, flow analyzer
B) Flow filter, flow controller, flow analyzer
C) Flow importer, flow exporter, flow collector
D) Flow viewer, flow director, flow filter -Answer-A) Flow exporter, flow
collector, flow analyzer
Which wireless communication method handles authentication by
using 802.1X and RADIUS?
A) WPA
B) WPA2 Enterprise
C) WPA2 Personal
D) WEP -Answer-B) WPA2 Enterprise
Which of the following is the best practice for remote connections?
A) Set "ssh authentication-retries" to 0 in the configuration.
B) Use SSHv2 and disable SSHv1.
C) Use the RSA key size 512 bits in configuration.
D) Use telnet or SSHv2. -Answer-B) Use SSHv2 and disable SSHv1.
Which of the following are a benefit and a drawback of SLAAC IPv6
address assignments?
A) Benefit: SLAAC requires no DHCP infrastructure. Drawback:
SLAAC causes privacy concerns.
B) Benefit: SLAAC fixes privacy concerns of IPv6. Drawback: SLAAC
requires DHCP infrastructure.
C) Benefit: SLAAC eliminates the need for IPv6 Global Unicast
temporary addresses. Drawback: SLAAC causes privacy concerns.
D) Benefit: SLAAC eliminates the need for IPv6 Global Unicast
temporary addresses. Drawback: SLAAC fixes privacy concerns of
IPv6. -Answer-A) Benefit: SLAAC requires no DHCP infrastructure.
Drawback: SLAAC causes privacy concerns.