SANS SEC401 MAIN EXAMINATION SETS QUESTIONS AND
SOLUTIONS MARKED A+
✔✔Transport Layer 4 OSI Stack - ✔✔Determines that application the packet should be
sent to through port numbers (Web on 80,443)
✔✔Network Layer 3 OSI Stack - ✔✔Moving packets from one network to another
network, uses logical addressing instead of physical addressing
✔✔Data Link Layer 2 OSI Stack - ✔✔Takes a packet and frames it suitable for
transmission
✔✔Physical Layer 1 OSI Stack - ✔✔Network cable, electromagnetic radiation
✔✔TCP/IP Protocol Stack (4) - ✔✔Layer 4) Application
Layer 3) Transport (TCP/UDP)
Layer 2) Internet (IP)
Layer 1) Network
✔✔Network Address in: 10.1.2.0/24 Subnet - ✔✔10.1.2.0
✔✔Broadcast Address in: 10.1.2.0/24 Subnet - ✔✔10.1.2.255
✔✔Class A CIDR Addressing (Mask, IP Range) - ✔✔N.H.H.H, 255.0.0.0 - 1-127
10.0.0.0/8
16.7 Million IP's
✔✔Class B CIDR Addressing (Mask, IP Range) - ✔✔N.N.H.H, 255.255.0.0 - 128-191
172.16.0.0/16
65,536 IP's
✔✔Class C CIDR Addressing (Mask, IP Range) - ✔✔N.N.N.H, 255.255.255.0 - 192-223
192.168.1.0/24
256 IP's
✔✔Address that broadcasts to current network - ✔✔255.255.255.255
✔✔ARP (Address Resolution Protocol) - ✔✔Required to go from Layer 2 to 3,
broadcasts to a network querying for an IP Address, once found, sends it back to
requesting MAC
✔✔DNS (Domain Name System) - ✔✔Name to an IP Address (TCP/UDP 53)
✔✔Layer 3 Network Protocols - ✔✔ICMP (Ping and Traceroute)
, ✔✔Layer 4 Transport Protocols - ✔✔TCP (Connection) and UDP (Connectionless)
✔✔3-Way Handshake (TCP) - ✔✔A: SYN
B: SYN ACK
A: ACK
✔✔Closing a TCP Session - ✔✔A: FIN
B: ACK
B: FIN
A: ACK
✔✔Sniffer - ✔✔Program and/or device that monitors data traveling over a network
✔✔Bluetooth current Encryption - ✔✔AES, vulnerabilities in the Application layer
✔✔802.11b supports up to - ✔✔11 Mbps at 2.4 GHz
✔✔802.11a supports up to - ✔✔54 Mbps at 5 GHz
✔✔802.11g supports up to - ✔✔22/54 Mbps at 2.4 GHz
✔✔802.11n supports up to - ✔✔54-600 Mbps at 5 GHz
✔✔802.11ac supports up to - ✔✔1300 Mbps at 5 GHz
✔✔802.11i - ✔✔Authentication at Layer 2, provides strong encryption, replay protection
and integrity protection - WPA2
✔✔Wireless Encryption Standards - ✔✔WEP -> WPA -> WPA2
✔✔Defense-in-Depth - ✔✔Multiple levels of protection deployed in an environment in
order to further protect all layers of the OSI Model and critical assets
✔✔Risk= - ✔✔Threats * Vulnerabilties
✔✔Threat - ✔✔Potential to do harm to a System
✔✔Vulnerability - ✔✔Ability for the threat to cause harm to a system
✔✔CIA (Confidentiality) - ✔✔Information is available only to those who need access to
it
✔✔CIA (Integrity) - ✔✔No unauthorized changes to the file
SOLUTIONS MARKED A+
✔✔Transport Layer 4 OSI Stack - ✔✔Determines that application the packet should be
sent to through port numbers (Web on 80,443)
✔✔Network Layer 3 OSI Stack - ✔✔Moving packets from one network to another
network, uses logical addressing instead of physical addressing
✔✔Data Link Layer 2 OSI Stack - ✔✔Takes a packet and frames it suitable for
transmission
✔✔Physical Layer 1 OSI Stack - ✔✔Network cable, electromagnetic radiation
✔✔TCP/IP Protocol Stack (4) - ✔✔Layer 4) Application
Layer 3) Transport (TCP/UDP)
Layer 2) Internet (IP)
Layer 1) Network
✔✔Network Address in: 10.1.2.0/24 Subnet - ✔✔10.1.2.0
✔✔Broadcast Address in: 10.1.2.0/24 Subnet - ✔✔10.1.2.255
✔✔Class A CIDR Addressing (Mask, IP Range) - ✔✔N.H.H.H, 255.0.0.0 - 1-127
10.0.0.0/8
16.7 Million IP's
✔✔Class B CIDR Addressing (Mask, IP Range) - ✔✔N.N.H.H, 255.255.0.0 - 128-191
172.16.0.0/16
65,536 IP's
✔✔Class C CIDR Addressing (Mask, IP Range) - ✔✔N.N.N.H, 255.255.255.0 - 192-223
192.168.1.0/24
256 IP's
✔✔Address that broadcasts to current network - ✔✔255.255.255.255
✔✔ARP (Address Resolution Protocol) - ✔✔Required to go from Layer 2 to 3,
broadcasts to a network querying for an IP Address, once found, sends it back to
requesting MAC
✔✔DNS (Domain Name System) - ✔✔Name to an IP Address (TCP/UDP 53)
✔✔Layer 3 Network Protocols - ✔✔ICMP (Ping and Traceroute)
, ✔✔Layer 4 Transport Protocols - ✔✔TCP (Connection) and UDP (Connectionless)
✔✔3-Way Handshake (TCP) - ✔✔A: SYN
B: SYN ACK
A: ACK
✔✔Closing a TCP Session - ✔✔A: FIN
B: ACK
B: FIN
A: ACK
✔✔Sniffer - ✔✔Program and/or device that monitors data traveling over a network
✔✔Bluetooth current Encryption - ✔✔AES, vulnerabilities in the Application layer
✔✔802.11b supports up to - ✔✔11 Mbps at 2.4 GHz
✔✔802.11a supports up to - ✔✔54 Mbps at 5 GHz
✔✔802.11g supports up to - ✔✔22/54 Mbps at 2.4 GHz
✔✔802.11n supports up to - ✔✔54-600 Mbps at 5 GHz
✔✔802.11ac supports up to - ✔✔1300 Mbps at 5 GHz
✔✔802.11i - ✔✔Authentication at Layer 2, provides strong encryption, replay protection
and integrity protection - WPA2
✔✔Wireless Encryption Standards - ✔✔WEP -> WPA -> WPA2
✔✔Defense-in-Depth - ✔✔Multiple levels of protection deployed in an environment in
order to further protect all layers of the OSI Model and critical assets
✔✔Risk= - ✔✔Threats * Vulnerabilties
✔✔Threat - ✔✔Potential to do harm to a System
✔✔Vulnerability - ✔✔Ability for the threat to cause harm to a system
✔✔CIA (Confidentiality) - ✔✔Information is available only to those who need access to
it
✔✔CIA (Integrity) - ✔✔No unauthorized changes to the file
