SANS SEC 275 EXAM QUESTIONS AND
ANSWERS 100% PASS
/qn - ANS Don't launch with a graphical user interface.
/i - ANS Don't try to run as administrator, run as a normal user instead (this won't matter
because of AlwaysInstallElevated).
/quiet - ANS Don't show the user any messages.
1024?! - ANS 1 kilobyte = 1024 bytes. IEC introduced KiB instead: 1 byte is 8 bits. 1 kibibyte
(KiB) is 1024 bytes. 1 mebibyte (MiB) is 1024 kibibytes. 1 gibibyte (GiB) is 1024 mebibytes. 1
tebibyte (TiB) is 1024 gibibytes.
Active Directory - ANS A system that allows the server to communicate with Windows
desktops, allowing the administrator to easily configure all the connected desktops from one
location, amongst other uses which we will cover in future modules. Active Directory allows
administrators to configure settings on Windows desktops that are connected to a Windows
server.
Adding a new user - ANS Adding a new user is as simple as running: net user /add
<username> <password> This command will create a new user and set the password to what
you specified. You can do so much more when creating users this way, such as configuring
account expiry and setting times where the account can log on.
Add-ins - ANS Microsoft Word allows for third parties to write 'add-ins', which extend the
functionality of Microsoft Word.
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
Advanced Memory Forensics with Volatility - ANS Volatility is one of the most widely used
memory forensics tools. Useful Volatility commands: imageinfo - vol.py or volatility -f
memdump.mem imageinfo
Aliases - ANS PowerShell comes with several aliases set up for common cmdlets. cat, cd, dir,
ls, rm
Alternate Number Bases - ANS We are very used to counting in base 10, but other number
bases like base 16 (hex) or base 2 (binary) are incredibly useful in computing.
Alternative Search Engines - ANS No two search engines are the same. Alternative Search
Engines - Google, Bing, Yahoo, DuckDuckGo, archive.org
AlwaysInstallElevated - ANS Some administrators will configure this so that users can install
software on their computers without administrator approval.
Analytics - ANS Collecting stats and analysing interactions on a web server.
Anti Forensics - ANS Cyber criminals improve and modify their operational security (OpSec) in
order to avoid being caught. NotPetya is part of the Petya family of encrypting ransomware that
targets Microsoft Windows based systems.
APFS - ANS The Apple File System supports permissions and encryption, and duplicate files
can be stored without using additional space, with changes to one copy of a file being saved as a
delta (the difference between the old file and the new file) to lower space requirements.
Application Layer - ANS An example of an application layer protocol is something like HTTP or
FTP. HTTP GET request is an application layer protocol because the web browser will form the
request necessary for displaying a page or submitting a form.
apropos - ANS The 'apropos' tool is used to search man pages for keywords, usually to find
the 'appropriate' tool to use in a particular situation. The 'apropos' command is used to find the
'appropriate' tool for a particular job.
apt-get - ANS The apt command is incredibly useful to rapidly find, install, or remove
software. The way 'apt' works is by having a list of 'sources'; these are servers which contain
information about available packages, download links and version information. 'apt update' only
updates the list of available packages.
Arguments - ANS The 'argc' variable is an integer which contains the number of arguments
passed to the program when it was executed. The 'argv' array contains the data passed in.
Arithmetic Logic Unit (ALU) - ANS The Arithmetic Logic Unit is the part of the CPU responsible
for performing arithmetic and logical operations.
ARP - ANS The Address Resolution Protocol translates IP addresses to MAC addresses for
transmission purposes. ARP is only for the local network.
ARP Cache - ANS ARP (address resolution protocol) is a protocol used on local networks to
map IP addresses to MAC addresses. When a computer receives an ARP response, it saves it
into the ARP cache.
ARP Spoofing / Poisoning - ANS The flaw in the ARP protocol comes because, if an ARP
response is sent to a computer, it will store that value in its ARP cache even if it didn't make an
ARP request asking for a response.
Arrays - ANS In C, you have to specify the type of the array when you create it, and it can only
ever hold that type of data. You can't mix and match within the same array.
AS - ANS The AS keyword is used to assign an alias to a table or field. They are used to make
long SQL statements more readable, more descriptive or set the table headings for a query to
make the results more descriptive.
ASCII - ANS American Standard Code for Information Interchange. A table that maps binary to
characters. Originally 7 bits wide for up to 127 characters. Now is 8 bits wide and up to 255
characters.
ASLR - ANS Address Space Layout Randomisation is a protection that involves randomising
the memory addresses that a program gets loaded into on each run.
Assertions - ANS The assert function will cause the program to crash with the error message
we provided if a condition is not met.
Asymmetric cryptography - ANS In asymmetric cryptography, you have two keys, a public and a
private. You can lock the message with whichever one you would like, but you must unlock it
with the opposite key.
Asymmetric Encryption - ANS Asymmetric encryption: every party generates two encryption
keys: one is private and one is public. The public encryption key is the one you send to whoever
needs to communicate with you securely. The private encryption key should remain private only
to you.
Audio Steganography - ANS Audio steganography is a technique used to embed secret
messages into digital audio. There are various methods of audio steganography, such as LSB and
Echo Hiding.
Authoritative Name Servers - ANS A name server that is authoritative for a domain is one
that controls the mapping between the domain name and the IP address. It has the final say on
where the domain points.
Authoritative nameserver - ANS The authoritative nameserver will retrieve the specific IP
address of the origin server for the provided web domain name, which the resolver will pass
back to the client.
Automatically Decoding Encoding - ANS The purpose of encoding is to enable us to fit data
that we need to store or transmit within a set of constraints that are suitable to the storage or
transmission medium. Encoding is often used with encryption to make the results transmissible.