SANS 401 GSEC Exam 2025
SANS 401 GSEC Exam Latest Update 2025 Questions and Correct Answers Rated A+
Authentication -Answer-A process by which you prove you are who you say you are. Something you know, have, are.
Authorization -Answer-Determines what someone has access to or is allowed to do after authentication
Accountability -Answer-Deals with knowing who did what and when
Least Privilege -Answer-Giving the least amount of access needed to do a job
Need to Know -Answer-Give access only when it is needed and take it away when it's not
Separation of Duties -Answer-Break critical tasks across multiple people to limit exposure points
Rotation of Duties -Answer-Change jobs on a regular basis
Single Sign-On -Answer-Log on once and the credentials are carried with the user to simplify user management
Password Hash Strength determined by -Answer-Quality of algorithm, key length, CPU cycles, character set support, password length
Salt -Answer-Bytes or numbers added to the hash to further create more possible passwords
Incident -Answer-An adverse event in an information system and/or network, or the threat of the occurrence of such an event
Event -Answer-Any observable occurrence in a system and/or network
Incident Handling Steps (6) -Answer-Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
Chain of Custody -Answer-Document evidence items and their custody, transfer, and disposition
Real Evidence -Answer-The tangible items: seized computer, USB, printout, etc.
Direct Evidence -Answer-What the handler actually saw, not what the handler surmised
Command Injection -Answer-Attacker sends OS commands as form or other input and adds additional code for malicious purposes
Buffer Overflows -Answer-Programs allocate a certain amount of buffer space to perform operations
SQL Injection -Answer-Inserting SQL into a field which is executed on the backend of the database. Poor input validation
Cross-Site Scripting -Answer-Allowing JavaScript to be entered into an entry field and executed to steal cookies and session data
Return on Investment (ROI | ROSI) -Answer-The financial benefit or return received from a given amount of money or capital invested into a product
Social Engineering -Answer-Attempts to manipulate or trick a person into providing information or access
Network Mapping (hping) -Answer-Enables port scanning and spoofing simultaneously by crafting packets and analyzing the return. Test firewall rules, remote OS fingerprinting, audit TCP/IP stacks
Port Scanning (nmap) -Answer-Network mapper that can give information about a network/device in order to understand open ports, services, etc.
Kismet -Answer-Linux WLAN analysis tool which is completely passive and won't be detected when used
SSL/TLS -Answer-Protocol for encrypting network traffic which operates on port 443
Secure Coding Essentials -Answer-Validate all user input
Handle errors and do not display errors to end users
Need for SIDs and Cookies -Answer-HTTP is stateless
Reasons for a SIEM -Answer-Monitor web content and file integrity
Track performance and look for trends and anomalies
Firewalls -Answer-A router with a filtering ruleset which reduces risk by protecting systems from attempts to exploit vulnerabilities.
Stateless Packet Filter -Answer-Low-end firewall: enhanced security and very fast. Can be bypassed by attackers by sending only ACK packets, no SYN.
How often is the ACK flag set in a TCP connection -Answer-In all packets except for the first packet of the 3-way handshake (SYN only)
Proxy -Answer-Maintains complete TCP connection state and sequencing through two connections
Data Diode -Answer-A semiconductor device with two terminals, typically allowing the flow of current in one direction only
Honeypots -Answer-An information system resource that has no legitimate purpose or reason for someone to connect to it
Reasons for Honeypots -Answer-Draw in attackers to understand how they break in
Better determine what is attack traffic
Intrusion -Answer-Any activity that is contrary to security policy
Intrusion Detection System (IDS) -Answer-Reports attacks against monitored systems/networks. Requires monitoring, alerting, and reaction
Network IDS (NIDS) -Answer-Deployed as a passive sniffer/sensor at network aggregation points. Uses signature and anomaly analysis