SANS SEC530 FINAL EXAM ACTUAL QUESTIONS AND
ANSWERS GUARANTEE A+
✔✔What is an effective way to defend against and detect rogue route advertisement
attacks?
A) Configure RA Guard to analyze RAs and filter out RAs that are sent by unauthorized
devices.
B) Configure all routers to send RA messages with low priority and detect RA messages
from two or more sources.
C) Configure all routers to send RA messages with medium priority and detect RA
messages from two or more sources.
D) Configure all routers to send RA messages with critical priority and detect RA
messages from one or more sources. - ✔✔A) Configure RA Guard to analyze RAs and
filter out RAs that are sent by unauthorized devices.
✔✔Which of the following is a criterion for implementing security zones?
A) Open services
B) Threats
C) Security baseline
D) Patches - ✔✔B) Threats
✔✔Which functionality can be used to force alignment of visible "from" in emails?
A) Domain-based Message Authentication, Reporting, and Compliance (DMARC)
B) DomainKeys Identified Mail (DKIM)
C) Sender Policy Framework (SPF)
D) Bayesian Filter - ✔✔A) Domain-based Message Authentication, Reporting, and
Compliance (DMARC)
✔✔Which step is commonly missed by organizations when implementing network
segmentation?
A) Segmentation must include disabling IPv6 link-local addresses.
B) Segmentation must include authentication and access control per user/device.
C) Segmentation must eliminate VLAN trunk ports.
D) Segmentation must utilize application-aware (layer 7) filtering. - ✔✔B) Segmentation
must include authentication and access control per user/device.
✔✔Why is blocking malicious IPv6 source hosts by their IPv6 address typically
ineffective?
A) The default IPv6 temporary address default lifetime for most operating systems is 7
days.
,B) The default IPv6 not-temporary address preferred lifetime for most operating systems
is 1 day.
C) The default IPv6 not-temporary address default lifetime for most operating systems is
7 days.
D) The default IPv6 temporary address preferred lifetime for most operating systems is
1 day. - ✔✔D) The default IPv6 temporary address preferred lifetime for most operating
systems is 1 day.
✔✔What functionality uses digital signatures to send an email that guarantees it
originates from the owner of a domain?
A) DNS filtering
B) Bayesian filter
C) DomainKeys Identified Mail
D) Sender Policy Framework - ✔✔C) DomainKeys Identified Mail
✔✔An organization requires SNMP monitoring of Cisco network devices; however, it
does not have SNMPv3 capability. Which of the following will prevent an attacker from
gaining SNMP access that enables them to download the Cisco IOS configuration.
A) Disabling SNMP read access
B) Changing community strings frequently
C) Disabling SNMP write access
D) Using complex community strings - ✔✔C) Disabling SNMP write access
✔✔What is the default password type supported in Cisco devices?
A) Type 8 (PBKDF2)
B) Type 5 (salted MD5)
C) Type 9 (SCRYPT)
D) Type 0 (plaintext) - ✔✔D) Type 0 (plaintext)
✔✔What is an inherent security benefit of having system services listening only on
unique local address (ULA) IPv6 addresses instead of global unicast addresses (GUA)?
A) ULA addresses are used to fully anonymize the source, thus improving privacy.
B) ULA addresses are not publicly routed, creating a layer of isolation from the Internet.
C) ULA addresses do not offer an inherent security improvement over GUA addresses.
D) ULA addresses are used to fully anonymize the destination, this improving privacy. -
✔✔B) ULA addresses are not publicly routed, creating a layer of isolation from the
Internet.
✔✔Which of the following NIST special publications brings guidelines for the secure
development of IPv6?
,A) NIST SP 800-119
B) NIST SP 800-53
C) NIST SP 800-86
D) NIST SP 800-68 - ✔✔A) NIST SP 800-119
✔✔In which scenario must IPv6 hosts use duplicate address detection (DAD) to
determine whether an address is already in use on the network?
A) When systems use DHCPv6 to obtain an address and stateless address
autoconfiguration is enabled.
B) When systems use stateless address autoconfiguration to generate an IP address
and privacy extensions are enabled.
C) When systems use DHCPv6 to obtain an address and privacy extensions are
disabled.
D) When systems use stateless address autoconfiguration to generate addresses and
privacy extensions are disabled. - ✔✔B) When systems use stateless address
autoconfiguration to generate an IP address and privacy extensions are enabled.
✔✔Which of the following solutions would work for ensuring accurate NTP synchronized
time across devices on an air-gapped network with no connectivity to untrusted
networks such as the Internet?
A) NTP time synchronization cannot be enabled for an air-gapped network.
B) Purchase and deploy stratum one time server locally.
C) Leverage the free authenticated NTP services that NIST makes available.
D) Deploy an Internet-based time server and volunteer to serve in the ntp.org pool. -
✔✔B) Purchase and deploy stratum one time server locally.
✔✔The NTP "monlist" command can be abused to facilitate which type of attack?
A) An NTP time skew attack.
B) An NTP amplification attack.
C) An NTP session hijacking attack.
D) An NTP time zone attack. - ✔✔B) An NTP amplification attack.
✔✔What does the NTP *monlist* command do? - ✔✔The NTP monlist command
requests the NTP server to respond with a list of up to 600 NTP client systems that
have recently queried the server.
✔✔Which statement is true regarding the Linux Iptables firewall?
A) A system with no configured output chain will allow all outbound traffic.
B) Iptables supports INPUT, OUTPUT, and FORWARD tables.
C) Iptables supports FILTER, MANGLE, and NAT chains.
, D) A system with no configured output chain will block all outbound traffic. - ✔✔A) A
system with no configured output chain will allow all outbound traffic.
✔✔What is the name of the DNS TXT record that helps validate email to verify whether
it is sent from an authorized source based on authorized IP addresses?
A) DomainKeys Identified Mail
B) Mailer Exchange
C) Sender Policy Framework
D) Host Info - ✔✔C) Sender Policy Framework
✔✔Which of the following network device configuration auditing tools is free, currently
maintained, and available for use by any organization?
A) Nipper Studio
B) CISecurity's CIS-CAT Pro
C) CISecurity's Router Audit Tool
D) Nipper-ng - ✔✔D) Nipper-ng
✔✔Which of the following best practices is applicable to all versions of SNMP?
A) Use easy to remember community strings.
B) Use encryption.
C) Disable single DES encryption.
D) Disable SNMP write access if possible. - ✔✔D) Disable SNMP write access if
possible.
✔✔Which of the following must be in place to allow an unauthenticated attacker to
perform admin password reset on a Cisco switch?
A) Trunk port access and the ability to cause the device to crash or restart.
B) Console port access and the ability to cause the device to crash or restart.
C) Unauthenticated attacker has no ability to perform admin password reset.
D) Parallel port access and the knowledge of the default password reset PIN. - ✔✔B)
Console port access and the ability to cause the device to crash or restart.
✔✔Which address is critical for performing IPv6 scanning?
A) IPv6 loopback
B) IPv6 multicast address
C) IPv6 global unicast
D) IPv6 link-local - ✔✔B) IPv6 multicast address
ANSWERS GUARANTEE A+
✔✔What is an effective way to defend against and detect rogue route advertisement
attacks?
A) Configure RA Guard to analyze RAs and filter out RAs that are sent by unauthorized
devices.
B) Configure all routers to send RA messages with low priority and detect RA messages
from two or more sources.
C) Configure all routers to send RA messages with medium priority and detect RA
messages from two or more sources.
D) Configure all routers to send RA messages with critical priority and detect RA
messages from one or more sources. - ✔✔A) Configure RA Guard to analyze RAs and
filter out RAs that are sent by unauthorized devices.
✔✔Which of the following is a criterion for implementing security zones?
A) Open services
B) Threats
C) Security baseline
D) Patches - ✔✔B) Threats
✔✔Which functionality can be used to force alignment of visible "from" in emails?
A) Domain-based Message Authentication, Reporting, and Compliance (DMARC)
B) DomainKeys Identified Mail (DKIM)
C) Sender Policy Framework (SPF)
D) Bayesian Filter - ✔✔A) Domain-based Message Authentication, Reporting, and
Compliance (DMARC)
✔✔Which step is commonly missed by organizations when implementing network
segmentation?
A) Segmentation must include disabling IPv6 link-local addresses.
B) Segmentation must include authentication and access control per user/device.
C) Segmentation must eliminate VLAN trunk ports.
D) Segmentation must utilize application-aware (layer 7) filtering. - ✔✔B) Segmentation
must include authentication and access control per user/device.
✔✔Why is blocking malicious IPv6 source hosts by their IPv6 address typically
ineffective?
A) The default IPv6 temporary address default lifetime for most operating systems is 7
days.
,B) The default IPv6 not-temporary address preferred lifetime for most operating systems
is 1 day.
C) The default IPv6 not-temporary address default lifetime for most operating systems is
7 days.
D) The default IPv6 temporary address preferred lifetime for most operating systems is
1 day. - ✔✔D) The default IPv6 temporary address preferred lifetime for most operating
systems is 1 day.
✔✔What functionality uses digital signatures to send an email that guarantees it
originates from the owner of a domain?
A) DNS filtering
B) Bayesian filter
C) DomainKeys Identified Mail
D) Sender Policy Framework - ✔✔C) DomainKeys Identified Mail
✔✔An organization requires SNMP monitoring of Cisco network devices; however, it
does not have SNMPv3 capability. Which of the following will prevent an attacker from
gaining SNMP access that enables them to download the Cisco IOS configuration.
A) Disabling SNMP read access
B) Changing community strings frequently
C) Disabling SNMP write access
D) Using complex community strings - ✔✔C) Disabling SNMP write access
✔✔What is the default password type supported in Cisco devices?
A) Type 8 (PBKDF2)
B) Type 5 (salted MD5)
C) Type 9 (SCRYPT)
D) Type 0 (plaintext) - ✔✔D) Type 0 (plaintext)
✔✔What is an inherent security benefit of having system services listening only on
unique local address (ULA) IPv6 addresses instead of global unicast addresses (GUA)?
A) ULA addresses are used to fully anonymize the source, thus improving privacy.
B) ULA addresses are not publicly routed, creating a layer of isolation from the Internet.
C) ULA addresses do not offer an inherent security improvement over GUA addresses.
D) ULA addresses are used to fully anonymize the destination, this improving privacy. -
✔✔B) ULA addresses are not publicly routed, creating a layer of isolation from the
Internet.
✔✔Which of the following NIST special publications brings guidelines for the secure
development of IPv6?
,A) NIST SP 800-119
B) NIST SP 800-53
C) NIST SP 800-86
D) NIST SP 800-68 - ✔✔A) NIST SP 800-119
✔✔In which scenario must IPv6 hosts use duplicate address detection (DAD) to
determine whether an address is already in use on the network?
A) When systems use DHCPv6 to obtain an address and stateless address
autoconfiguration is enabled.
B) When systems use stateless address autoconfiguration to generate an IP address
and privacy extensions are enabled.
C) When systems use DHCPv6 to obtain an address and privacy extensions are
disabled.
D) When systems use stateless address autoconfiguration to generate addresses and
privacy extensions are disabled. - ✔✔B) When systems use stateless address
autoconfiguration to generate an IP address and privacy extensions are enabled.
✔✔Which of the following solutions would work for ensuring accurate NTP synchronized
time across devices on an air-gapped network with no connectivity to untrusted
networks such as the Internet?
A) NTP time synchronization cannot be enabled for an air-gapped network.
B) Purchase and deploy stratum one time server locally.
C) Leverage the free authenticated NTP services that NIST makes available.
D) Deploy an Internet-based time server and volunteer to serve in the ntp.org pool. -
✔✔B) Purchase and deploy stratum one time server locally.
✔✔The NTP "monlist" command can be abused to facilitate which type of attack?
A) An NTP time skew attack.
B) An NTP amplification attack.
C) An NTP session hijacking attack.
D) An NTP time zone attack. - ✔✔B) An NTP amplification attack.
✔✔What does the NTP *monlist* command do? - ✔✔The NTP monlist command
requests the NTP server to respond with a list of up to 600 NTP client systems that
have recently queried the server.
✔✔Which statement is true regarding the Linux Iptables firewall?
A) A system with no configured output chain will allow all outbound traffic.
B) Iptables supports INPUT, OUTPUT, and FORWARD tables.
C) Iptables supports FILTER, MANGLE, and NAT chains.
, D) A system with no configured output chain will block all outbound traffic. - ✔✔A) A
system with no configured output chain will allow all outbound traffic.
✔✔What is the name of the DNS TXT record that helps validate email to verify whether
it is sent from an authorized source based on authorized IP addresses?
A) DomainKeys Identified Mail
B) Mailer Exchange
C) Sender Policy Framework
D) Host Info - ✔✔C) Sender Policy Framework
✔✔Which of the following network device configuration auditing tools is free, currently
maintained, and available for use by any organization?
A) Nipper Studio
B) CISecurity's CIS-CAT Pro
C) CISecurity's Router Audit Tool
D) Nipper-ng - ✔✔D) Nipper-ng
✔✔Which of the following best practices is applicable to all versions of SNMP?
A) Use easy to remember community strings.
B) Use encryption.
C) Disable single DES encryption.
D) Disable SNMP write access if possible. - ✔✔D) Disable SNMP write access if
possible.
✔✔Which of the following must be in place to allow an unauthenticated attacker to
perform admin password reset on a Cisco switch?
A) Trunk port access and the ability to cause the device to crash or restart.
B) Console port access and the ability to cause the device to crash or restart.
C) Unauthenticated attacker has no ability to perform admin password reset.
D) Parallel port access and the knowledge of the default password reset PIN. - ✔✔B)
Console port access and the ability to cause the device to crash or restart.
✔✔Which address is critical for performing IPv6 scanning?
A) IPv6 loopback
B) IPv6 multicast address
C) IPv6 global unicast
D) IPv6 link-local - ✔✔B) IPv6 multicast address
