SANS - SEC530 UPDATED Exam
Questions and CORRECT Answers
Which of the following is a recommended USB keyboard mitigation for sites requiring high
security?
A) Disable USB ports in the system.
B) Restrict USB devices with approved PIDs and VIDs.
C) Block the USB devices physically.
D) Restrict USB devices with approved user accounts. - CORRECT ANSWER - C) Block
the USB devices physically.
Which of the following Cisco IOS commands is used to shut the port down automatically when
the maximum number of MAC addresses is exceeded?
A) switchport port-security violation shutdown
B) switchport port-security limit rate source-mac-shutdown
C) switchport port-security violation auto-shutdown
D) switchport port-security mac-exceed-port-shutdown - CORRECT ANSWER - A)
switchport port-security violation shutdown
What is a common failing associated with focusing only on compliance-drive security?
A) Compliance-driven security tends to focus only on hardening internal systems.
B) Compliance-driven security tends to focus only on hardening the perimeter.
C) Compliance-driven security tends to be costly in terms of solutions and resources.
D) Compliance-driven security tends to fail in the face of a persistent adversary. - CORRECT
ANSWER - D) Compliance-driven security tends to fail in the face of a persistent
adversary.
,Which of the following is described by Lockheed Martin as a countermeasure action to the Kill
Chain?
A) Disrupt
B) Prevent
C) React
D) Remove - CORRECT ANSWER - A) Disrupt
What is an easy to implement and effective control an organization can leverage to make
pivoting more difficult for an attacker?
A) WPA2
B) P2P patching
C) Private VLAN
D) VPN - CORRECT ANSWER - C) Private VLAN
Which type of private VLAN ports may only communicate with promiscuous ports?
A) Isolated
B) Promiscuous
C) Network
D) Community - CORRECT ANSWER - A) Isolated
Which of the following wireless standards supports up to 1300 Mbps?
A) 802.11b
B) 802.11ac
C) 802.11n
D) 802.11w - CORRECT ANSWER - B) 802.11ac
,In which phase of the security architecture design lifecycle is threat modeling and attack surface
analysis conducted?
A) Scan
B) Discover and Assess
C) Plan
D) Design - CORRECT ANSWER - C) Plan
Which of the following is the best practice to mitigate against the Cisco Discovery Protocol
(CDP) information leakage attack?
A) Disable the CDP unless expressly required.
B) No mitigations are needed since CDP is secure by default.
C) Schedule the CDP patch regularly.
D) Enable the SECDP feature in the CDP to secure the CDP. - CORRECT ANSWER - A)
Disable the CDP unless expressly required.
Which of the following prevents physical access to the network when plugging in an
unauthorized device?
A) MAC address filtering
B) Packet filtering firewall
C) Background checks
D) Two-factor authentication - CORRECT ANSWER - A) MAC address filtering
What would be one of the first steps for a security architect when building or redesigning a
security architecture to secure an organization?
A) Remove unnecessary egress traffic
, B) Perform a perimeter pen test
C) Deploy patches to external systems
D) Identify critical assets - CORRECT ANSWER - D) Identify critical assets
Which of the following is a method of detecting a BYOAP problem on a network?
A) Multiple VPN connections from the internal network.
B) Multiple URL requests from the same source IP.
C) Multiple SSIDs in the area.
D) Multiple user agent strings from the same IP address. - CORRECT ANSWER - D)
Multiple user agent strings from the same IP address.
What could be implemented to mitigate the risk of one client pivoting to another on the same
network?
A) Host-based antipivot
B) Next-gen antivirus
C) NAC controls
D) Private VLANs - CORRECT ANSWER - D) Private VLANs
What is the term used for when the red team is working together with the blue team through
simulation of specific threat scenarios?
A) Purple teaming
B) Black-hat teaming
C) Defensive teaming
D) Multi-front teaming - CORRECT ANSWER - A) Purple teaming
Questions and CORRECT Answers
Which of the following is a recommended USB keyboard mitigation for sites requiring high
security?
A) Disable USB ports in the system.
B) Restrict USB devices with approved PIDs and VIDs.
C) Block the USB devices physically.
D) Restrict USB devices with approved user accounts. - CORRECT ANSWER - C) Block
the USB devices physically.
Which of the following Cisco IOS commands is used to shut the port down automatically when
the maximum number of MAC addresses is exceeded?
A) switchport port-security violation shutdown
B) switchport port-security limit rate source-mac-shutdown
C) switchport port-security violation auto-shutdown
D) switchport port-security mac-exceed-port-shutdown - CORRECT ANSWER - A)
switchport port-security violation shutdown
What is a common failing associated with focusing only on compliance-drive security?
A) Compliance-driven security tends to focus only on hardening internal systems.
B) Compliance-driven security tends to focus only on hardening the perimeter.
C) Compliance-driven security tends to be costly in terms of solutions and resources.
D) Compliance-driven security tends to fail in the face of a persistent adversary. - CORRECT
ANSWER - D) Compliance-driven security tends to fail in the face of a persistent
adversary.
,Which of the following is described by Lockheed Martin as a countermeasure action to the Kill
Chain?
A) Disrupt
B) Prevent
C) React
D) Remove - CORRECT ANSWER - A) Disrupt
What is an easy to implement and effective control an organization can leverage to make
pivoting more difficult for an attacker?
A) WPA2
B) P2P patching
C) Private VLAN
D) VPN - CORRECT ANSWER - C) Private VLAN
Which type of private VLAN ports may only communicate with promiscuous ports?
A) Isolated
B) Promiscuous
C) Network
D) Community - CORRECT ANSWER - A) Isolated
Which of the following wireless standards supports up to 1300 Mbps?
A) 802.11b
B) 802.11ac
C) 802.11n
D) 802.11w - CORRECT ANSWER - B) 802.11ac
,In which phase of the security architecture design lifecycle is threat modeling and attack surface
analysis conducted?
A) Scan
B) Discover and Assess
C) Plan
D) Design - CORRECT ANSWER - C) Plan
Which of the following is the best practice to mitigate against the Cisco Discovery Protocol
(CDP) information leakage attack?
A) Disable the CDP unless expressly required.
B) No mitigations are needed since CDP is secure by default.
C) Schedule the CDP patch regularly.
D) Enable the SECDP feature in the CDP to secure the CDP. - CORRECT ANSWER - A)
Disable the CDP unless expressly required.
Which of the following prevents physical access to the network when plugging in an
unauthorized device?
A) MAC address filtering
B) Packet filtering firewall
C) Background checks
D) Two-factor authentication - CORRECT ANSWER - A) MAC address filtering
What would be one of the first steps for a security architect when building or redesigning a
security architecture to secure an organization?
A) Remove unnecessary egress traffic
, B) Perform a perimeter pen test
C) Deploy patches to external systems
D) Identify critical assets - CORRECT ANSWER - D) Identify critical assets
Which of the following is a method of detecting a BYOAP problem on a network?
A) Multiple VPN connections from the internal network.
B) Multiple URL requests from the same source IP.
C) Multiple SSIDs in the area.
D) Multiple user agent strings from the same IP address. - CORRECT ANSWER - D)
Multiple user agent strings from the same IP address.
What could be implemented to mitigate the risk of one client pivoting to another on the same
network?
A) Host-based antipivot
B) Next-gen antivirus
C) NAC controls
D) Private VLANs - CORRECT ANSWER - D) Private VLANs
What is the term used for when the red team is working together with the blue team through
simulation of specific threat scenarios?
A) Purple teaming
B) Black-hat teaming
C) Defensive teaming
D) Multi-front teaming - CORRECT ANSWER - A) Purple teaming
