SANS SEC401 PRACTICE EXAM TEST QUESTIONS AND
SOLUTIONS MARKED A+
✔✔Sniffer - ✔✔Program and/or device that monitors data traveling over a network
✔✔Bluetooth current Encryption - ✔✔AES, vulnerabilities in the Application layer
✔✔802.11b supports up to - ✔✔11 Mbps at 2.4 GHz
✔✔802.11a supports up to - ✔✔54 Mbps at 5 GHz
✔✔802.11g supports up to - ✔✔22/54 Mbps at 2.4 GHz
✔✔802.11n supports up to - ✔✔54-600 Mbps at 5 GHz
✔✔802.11ac supports up to - ✔✔1300 Mbps at 5 GHz
✔✔802.11i - ✔✔Authentication at Layer 2, provides strong encryption, replay protection
and integrity protection - WPA2
✔✔Wireless Encryption Standards - ✔✔WEP -> WPA -> WPA2
✔✔Defense-in-Depth - ✔✔Multiple levels of protection deployed in an environment in
order to further protect all layers of the OSI Model and critical assets
✔✔Risk= - ✔✔Threats * Vulnerabilties
✔✔Threat - ✔✔Potential to do harm to a System
✔✔Vulnerability - ✔✔Ability for the threat to cause harm to a system
✔✔CIA (Confidentiality) - ✔✔Information is available only to those who need access to
it
✔✔CIA (Integrity) - ✔✔No unauthorized changes to the file
✔✔CIA (Availability) - ✔✔Data is available when you need/want it
✔✔Zero Day - ✔✔Vulnerability that is unknown
✔✔Approaches to Defense-in-Depth - ✔✔Uniform Protection
Protected Enclaves
Information Centric
Threat Vector Analysis
, ✔✔Viruses - ✔✔Not Self-Propagating, external means of transport
✔✔Worm - ✔✔Self-propagating, code that looks for systems and tries to access
✔✔Trojan - ✔✔Tries to be useful software but contains malware
✔✔Logic Bomb - ✔✔Executes when certain conditions are met
✔✔Policy - ✔✔Protects the organizations, the people, and the information
✔✔Procedure - ✔✔Detailed steps to be followed by users, system operations
personnel, or others to accomplish a specific task
✔✔Standard - ✔✔Organizational that specifies uniform use of specific technologies or
parameters
✔✔Baseline - ✔✔A more specific implementation of a standard
✔✔Guidline - ✔✔A suggestion or set of best practices
✔✔NDA - ✔✔Protects sensitive information, individuals must keep it confidential
✔✔Copyright - ✔✔Everything created has an implied copyright
✔✔Business Continuity Planning - ✔✔Is a strategic plan focusing on the availability of
critical business processes. Prepare and Mitigate
✔✔Disaster Recovery Plan - ✔✔Covers the recovery of IT systems in the event of a
disruption or disaster. Respond and Recover
✔✔Identity - ✔✔Who you claim to be
✔✔Authentication - ✔✔A process by which you prove you are who you say you are.
Something you know, have, are.
✔✔Authorization - ✔✔Determines what someone has access to or is allowed to do after
authentication
✔✔Accountability - ✔✔Deals with knowing who did what and when
✔✔Least Privilege - ✔✔Diving the least amount of access needed to do a job
SOLUTIONS MARKED A+
✔✔Sniffer - ✔✔Program and/or device that monitors data traveling over a network
✔✔Bluetooth current Encryption - ✔✔AES, vulnerabilities in the Application layer
✔✔802.11b supports up to - ✔✔11 Mbps at 2.4 GHz
✔✔802.11a supports up to - ✔✔54 Mbps at 5 GHz
✔✔802.11g supports up to - ✔✔22/54 Mbps at 2.4 GHz
✔✔802.11n supports up to - ✔✔54-600 Mbps at 5 GHz
✔✔802.11ac supports up to - ✔✔1300 Mbps at 5 GHz
✔✔802.11i - ✔✔Authentication at Layer 2, provides strong encryption, replay protection
and integrity protection - WPA2
✔✔Wireless Encryption Standards - ✔✔WEP -> WPA -> WPA2
✔✔Defense-in-Depth - ✔✔Multiple levels of protection deployed in an environment in
order to further protect all layers of the OSI Model and critical assets
✔✔Risk= - ✔✔Threats * Vulnerabilties
✔✔Threat - ✔✔Potential to do harm to a System
✔✔Vulnerability - ✔✔Ability for the threat to cause harm to a system
✔✔CIA (Confidentiality) - ✔✔Information is available only to those who need access to
it
✔✔CIA (Integrity) - ✔✔No unauthorized changes to the file
✔✔CIA (Availability) - ✔✔Data is available when you need/want it
✔✔Zero Day - ✔✔Vulnerability that is unknown
✔✔Approaches to Defense-in-Depth - ✔✔Uniform Protection
Protected Enclaves
Information Centric
Threat Vector Analysis
, ✔✔Viruses - ✔✔Not Self-Propagating, external means of transport
✔✔Worm - ✔✔Self-propagating, code that looks for systems and tries to access
✔✔Trojan - ✔✔Tries to be useful software but contains malware
✔✔Logic Bomb - ✔✔Executes when certain conditions are met
✔✔Policy - ✔✔Protects the organizations, the people, and the information
✔✔Procedure - ✔✔Detailed steps to be followed by users, system operations
personnel, or others to accomplish a specific task
✔✔Standard - ✔✔Organizational that specifies uniform use of specific technologies or
parameters
✔✔Baseline - ✔✔A more specific implementation of a standard
✔✔Guidline - ✔✔A suggestion or set of best practices
✔✔NDA - ✔✔Protects sensitive information, individuals must keep it confidential
✔✔Copyright - ✔✔Everything created has an implied copyright
✔✔Business Continuity Planning - ✔✔Is a strategic plan focusing on the availability of
critical business processes. Prepare and Mitigate
✔✔Disaster Recovery Plan - ✔✔Covers the recovery of IT systems in the event of a
disruption or disaster. Respond and Recover
✔✔Identity - ✔✔Who you claim to be
✔✔Authentication - ✔✔A process by which you prove you are who you say you are.
Something you know, have, are.
✔✔Authorization - ✔✔Determines what someone has access to or is allowed to do after
authentication
✔✔Accountability - ✔✔Deals with knowing who did what and when
✔✔Least Privilege - ✔✔Diving the least amount of access needed to do a job
