SANS SEC401 CORE EXAMS MANUAL QUESTIONS AND
SOLUTIONS MARKED A+
What is the term for an individual, organization, or group who is capable and motivated
to carry out an attack?
a) Threat agent
b) Threat proxy
c) Hacktivist
d) Nation state - ✔✔a) Threat agent
- book 1, page 30
Which of the following layers of the OSI protocol stack handles the establishment and
maintenance of connections?
a) Network
b) Session
c) Presentation
d) Transport - ✔✔b) Session
- book 1, page 56
What is a method adopted by IEEE 802.11n that results in higher bandwidth?
a) Multiple input single output
b) Single input multiple output
c) Multiple input multiple output
d) Single input single output - ✔✔c) Multiple input multiple output
- book 1, page 177
Which of the following presents simulated hardware to the virtual machine OS?
a) Physical BIOS settings
b) Host OS
c) Device manager from physical system
d) Hypervisor - ✔✔d) Hypervisor
- book 1, page 110
Designed to be a software upgrade to existing devices that supported WEP, which of
the following security protocols utilizes RC4 and TKIP to provide data communication
confidentiality?
a) WPA1
b) Enhanced WEP
c) WPA3
d) WPA2 - ✔✔a) WPA1
- book 1, page 194
,What is an often-ignored IT asset in security hardening?
a) Servers
b) Routers
c) Applications
d) Desktops - ✔✔b) routers
- book 1, page 27
What security framework provides cloud security guidance across 14 domains?
a) COBIT
b) CSA Cloud Controls Matrix
c) ISO 27000
d) NIST 800-53R4 / FedRAMP - ✔✔b) CSA Cloud Controls Matrix
- book 1, page 144
Which of the following maps the components of the conceptual design via the use of a
network diagram?
a) Conceptual design
b) Logical design
c) Enterprise design
d) Physical design - ✔✔b) Logical design
- book 1, page 19
What principle of Know Your Environment understands the value of a senior leader's
laptop?
a) Knowing the physical design of communication
b) Knowing the logical design of valuable data
c) Knowing the flow of communication
d) Knowing the location of valuable data - ✔✔d) Knowing the location of valuable data
- book 1, page 22
Which layer 4 protocol is a good multicast solution for optimized real-time
communications delivered over a wireless network?
a) UDP
b) ICMP
c) IP
d) TCP - ✔✔a) UDP
- book 1, page 93
What term characterizes a virtual Kali Linux machine running on a Windows 10
computer?
, a) Guest OS
b) Hypervisor OS
c) Default OS
d) Host OS - ✔✔a) Guest OS
- book 1, page 110
What is a benefit of cloud computing compared to an on-premise data center?
a) Trading away variable operating costs for fixed capital costs
b) Resources take up to a month to provision
c) On-demand resources at the speed of business
d) Greater control of infrastructure - ✔✔c) On-demand resources at the speed of
business
- book 1, page 125
What is a foundational principle of zero-trust?
a) Every user, device, or network connection must be proven.
b) Block all network traffic to/from sensitive networks.
c) Developers and system admins cannot be trusted.
d) Threats from the outside are most important. - ✔✔a) Every user, device, or network
connection must be proven
- book 2, page ___
A security analyst seeks to control the risk of unauthorized copying to critical files
associated with external drives. Which of the following control actions uses the concept
of vector-oriented defense-in-depth?
a) Isolating the work groups with access to the critical files
b) Disabling the ability to update critical files
c) Isolating critical files using layered protection
d) Disabling USB - ✔✔d) Disabling USB
- book 2, page 20
What Authenticator Assurance Level is the following an example of: a user
authentication by using an email address and password (involving cryptographic
algorithm) and by completing an SMS process?
a) AAL 2
b) AAL 1
c) AAL 4
d) AAL 3 - ✔✔a) AAL 2
- book 2, page ___
What can be used to provide common grounds for effectiveness of security measures?
SOLUTIONS MARKED A+
What is the term for an individual, organization, or group who is capable and motivated
to carry out an attack?
a) Threat agent
b) Threat proxy
c) Hacktivist
d) Nation state - ✔✔a) Threat agent
- book 1, page 30
Which of the following layers of the OSI protocol stack handles the establishment and
maintenance of connections?
a) Network
b) Session
c) Presentation
d) Transport - ✔✔b) Session
- book 1, page 56
What is a method adopted by IEEE 802.11n that results in higher bandwidth?
a) Multiple input single output
b) Single input multiple output
c) Multiple input multiple output
d) Single input single output - ✔✔c) Multiple input multiple output
- book 1, page 177
Which of the following presents simulated hardware to the virtual machine OS?
a) Physical BIOS settings
b) Host OS
c) Device manager from physical system
d) Hypervisor - ✔✔d) Hypervisor
- book 1, page 110
Designed to be a software upgrade to existing devices that supported WEP, which of
the following security protocols utilizes RC4 and TKIP to provide data communication
confidentiality?
a) WPA1
b) Enhanced WEP
c) WPA3
d) WPA2 - ✔✔a) WPA1
- book 1, page 194
,What is an often-ignored IT asset in security hardening?
a) Servers
b) Routers
c) Applications
d) Desktops - ✔✔b) routers
- book 1, page 27
What security framework provides cloud security guidance across 14 domains?
a) COBIT
b) CSA Cloud Controls Matrix
c) ISO 27000
d) NIST 800-53R4 / FedRAMP - ✔✔b) CSA Cloud Controls Matrix
- book 1, page 144
Which of the following maps the components of the conceptual design via the use of a
network diagram?
a) Conceptual design
b) Logical design
c) Enterprise design
d) Physical design - ✔✔b) Logical design
- book 1, page 19
What principle of Know Your Environment understands the value of a senior leader's
laptop?
a) Knowing the physical design of communication
b) Knowing the logical design of valuable data
c) Knowing the flow of communication
d) Knowing the location of valuable data - ✔✔d) Knowing the location of valuable data
- book 1, page 22
Which layer 4 protocol is a good multicast solution for optimized real-time
communications delivered over a wireless network?
a) UDP
b) ICMP
c) IP
d) TCP - ✔✔a) UDP
- book 1, page 93
What term characterizes a virtual Kali Linux machine running on a Windows 10
computer?
, a) Guest OS
b) Hypervisor OS
c) Default OS
d) Host OS - ✔✔a) Guest OS
- book 1, page 110
What is a benefit of cloud computing compared to an on-premise data center?
a) Trading away variable operating costs for fixed capital costs
b) Resources take up to a month to provision
c) On-demand resources at the speed of business
d) Greater control of infrastructure - ✔✔c) On-demand resources at the speed of
business
- book 1, page 125
What is a foundational principle of zero-trust?
a) Every user, device, or network connection must be proven.
b) Block all network traffic to/from sensitive networks.
c) Developers and system admins cannot be trusted.
d) Threats from the outside are most important. - ✔✔a) Every user, device, or network
connection must be proven
- book 2, page ___
A security analyst seeks to control the risk of unauthorized copying to critical files
associated with external drives. Which of the following control actions uses the concept
of vector-oriented defense-in-depth?
a) Isolating the work groups with access to the critical files
b) Disabling the ability to update critical files
c) Isolating critical files using layered protection
d) Disabling USB - ✔✔d) Disabling USB
- book 2, page 20
What Authenticator Assurance Level is the following an example of: a user
authentication by using an email address and password (involving cryptographic
algorithm) and by completing an SMS process?
a) AAL 2
b) AAL 1
c) AAL 4
d) AAL 3 - ✔✔a) AAL 2
- book 2, page ___
What can be used to provide common grounds for effectiveness of security measures?
