SANS 401 ACTUAL EXAM NEWEST 2025: COMPLETE 200 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS)
What tcpdump flag displays hex, ASCII, and the Ethernet header? - ANSWER: -XX
What tcpdump flag allows us to turn off hostname and port resolution? - ANSWER: -nn
What TCP flag is the only one set when initiating a connection? - ANSWER: SYN
Which tool from the aircrack-ng suite captures wireless frames? - ANSWER: airodump-ng
To crack WPA, you must capture a valid WPA handshake? - ANSWER: True
What is the keyspace associated with WEP IVs? - ANSWER: 2^
What user account is part of Windows Resource Protection? - ANSWER: TrustedInstaller
What is the file system location where DLL files are stored? - ANSWER: System32
What command is used to launch the graphical PowerShell ISE editor? - ANSWER: powershell_ise.exe
What keyword do we look for in secedit.exe log files to find mismatches? - ANSWER: Mismatch
What command is used to open a text file in the PowerShell ISE editor? - ANSWER: ise
What PowerShell commands show processes and services? - ANSWER: Get-Process and Get-Service
What PowerShell command can export objects to a CSV text file? - ANSWER: Export-Csv
What PowerShell command strips away properties we don't care about? - ANSWER: Select-Object
What is the file used by John the Ripper to store cracked passwords? - ANSWER: john.pot
What password cracking method uses GECOS information? - ANSWER: Single
True or False: John the Ripper can crack any password within 2 days? - ANSWER: False
What Cisco password type were we easily able to decode with Cain? - ANSWER: Type-7
What is the name of the password database on Windows? - ANSWER: SAM Database
What Windows hash type did we crack with Cain and Abel? - ANSWER: NT or NTLM
What Nmap option enables you to write results in XML format? - ANSWER: -oX
Which Nmap scan type performs a Stealth Scan? - ANSWER: -sS
In what language are NSE scripts written? - ANSWER: Lua
What is the name of the tool we used to display text from the program? - ANSWER: strings
What message did we get during the buffer overflow? - ANSWER: Segmentation fault
What do we prepend to a program to ensure it runs from the current folder? - ANSWER: ./
What is the name of the function enabling this command injection bug? - ANSWER: system