SANS - SEC530 Exam Questions and
100% Verified Answers |2026/ 2027
Updated |A+ Graded| Brand New
Version!!!
What is the name of the routine process in which database information is identified? - CORRECT
ANSWER -Content Discovery
What is the name for the process of obscuring database information? - CORRECT ANSWER -Data
Masking
What is a DAM? What is a DBF? - CORRECT ANSWER -Database Activity Monitoring
and
Database Firewall
What are some of the benefits of database firewalls? - CORRECT ANSWER -1) Can be deployed
locally with minimal performance impact.
2) Acts as a reverse proxy in front of the database.
3) Allows for passive monitoring.
,What is user context awareness, in terms of database firewalls? - CORRECT ANSWER -User
context awareness is a database firewall feature that checks individual user permissions when a
query is made.
What is application awareness, in terms of database firewalls? - CORRECT ANSWER -Application
awareness is a database firewall feature that checks which applications are being used when a
query is made.
What are database *record* *limits*? - CORRECT ANSWER -Record limits are thresholds for
database requests. If a request to the database exceeds a threshold, then an alert is generated
and a limiting action may occur.
Examples include: Limit by session, limit by aggregate sessions within a time frame, or even limit
by all sources per time frame.
T/F:
The following Windows rule would deny access to C:\test\subfolder
DENY user1 on C:\test - CORRECT ANSWER -False.
This access would be allowed, because *explicit* Windows permissions take precedence over
*inherited* permissions.
What is the Windows group policy path for special object rights? - CORRECT ANSWER -
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights
,When enabled in Windows, what does Audit Object Access record? - CORRECT ANSWER -1)
Actions to files
2) Actions to folders
3) Printer access
4) AD object changes
...and more.
What is Windows *VSS* and whats does it do? - CORRECT ANSWER -Volume Shadow Copy
Service is background copying service that records changes on disk, in case a rollback is needed.
Which Windows file does ransomware usually seek to remove? - CORRECT ANSWER -
vssadmin.exe
This is the Volume Shadow Copy Service file, which could be used to restore encrypted files.
What is the numerical value for *read* premission in Linux environments? - CORRECT ANSWER -
4
What is the numerical value for *write* permission in Linux environments? - CORRECT ANSWER
-2
, What is the numerical value for *execute* permission in Linux environments? - CORRECT
ANSWER -1
What is the numerical value for *read* plus *write* permission in Linux environments? -
CORRECT ANSWER -6
What is the numerical value for *read* plus *write* plus *execute* permission in Linux
environments? - CORRECT ANSWER -7
What does the following Linux file permission mean?
*741* - CORRECT ANSWER -Owner has *r/w/x* (read/write/execute)
Group has *r* (read)
Everyone has *x* (execute)
What security consideration must be made with *SUID* file permission or *SGID* file
permission in Linux environments? - CORRECT ANSWER -SUID executes a file has the file owner.
SGID executes a file has the file group owner.
What does the *sticky* *bit* do for Linux files? - CORRECT ANSWER -The sticky bit prevents files
from being removed by anyone other than the root or the file owner.
100% Verified Answers |2026/ 2027
Updated |A+ Graded| Brand New
Version!!!
What is the name of the routine process in which database information is identified? - CORRECT
ANSWER -Content Discovery
What is the name for the process of obscuring database information? - CORRECT ANSWER -Data
Masking
What is a DAM? What is a DBF? - CORRECT ANSWER -Database Activity Monitoring
and
Database Firewall
What are some of the benefits of database firewalls? - CORRECT ANSWER -1) Can be deployed
locally with minimal performance impact.
2) Acts as a reverse proxy in front of the database.
3) Allows for passive monitoring.
,What is user context awareness, in terms of database firewalls? - CORRECT ANSWER -User
context awareness is a database firewall feature that checks individual user permissions when a
query is made.
What is application awareness, in terms of database firewalls? - CORRECT ANSWER -Application
awareness is a database firewall feature that checks which applications are being used when a
query is made.
What are database *record* *limits*? - CORRECT ANSWER -Record limits are thresholds for
database requests. If a request to the database exceeds a threshold, then an alert is generated
and a limiting action may occur.
Examples include: Limit by session, limit by aggregate sessions within a time frame, or even limit
by all sources per time frame.
T/F:
The following Windows rule would deny access to C:\test\subfolder
DENY user1 on C:\test - CORRECT ANSWER -False.
This access would be allowed, because *explicit* Windows permissions take precedence over
*inherited* permissions.
What is the Windows group policy path for special object rights? - CORRECT ANSWER -
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights
,When enabled in Windows, what does Audit Object Access record? - CORRECT ANSWER -1)
Actions to files
2) Actions to folders
3) Printer access
4) AD object changes
...and more.
What is Windows *VSS* and whats does it do? - CORRECT ANSWER -Volume Shadow Copy
Service is background copying service that records changes on disk, in case a rollback is needed.
Which Windows file does ransomware usually seek to remove? - CORRECT ANSWER -
vssadmin.exe
This is the Volume Shadow Copy Service file, which could be used to restore encrypted files.
What is the numerical value for *read* premission in Linux environments? - CORRECT ANSWER -
4
What is the numerical value for *write* permission in Linux environments? - CORRECT ANSWER
-2
, What is the numerical value for *execute* permission in Linux environments? - CORRECT
ANSWER -1
What is the numerical value for *read* plus *write* permission in Linux environments? -
CORRECT ANSWER -6
What is the numerical value for *read* plus *write* plus *execute* permission in Linux
environments? - CORRECT ANSWER -7
What does the following Linux file permission mean?
*741* - CORRECT ANSWER -Owner has *r/w/x* (read/write/execute)
Group has *r* (read)
Everyone has *x* (execute)
What security consideration must be made with *SUID* file permission or *SGID* file
permission in Linux environments? - CORRECT ANSWER -SUID executes a file has the file owner.
SGID executes a file has the file group owner.
What does the *sticky* *bit* do for Linux files? - CORRECT ANSWER -The sticky bit prevents files
from being removed by anyone other than the root or the file owner.
