100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers $17.99   Add to cart

Exam (elaborations)

SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers

 24 views  0 purchase
  • Course
  • GFACT Certification
  • Institution
  • GFACT Certification

SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers SANS 401 Practice Exam questions and answers

Preview 4 out of 75  pages

  • August 8, 2024
  • 75
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • sans 401 practice exam
  • GFACT Certification
  • GFACT Certification
avatar-seller
Davieacademia
SANS 401 Practice Exam questions and
answers

1. In which directory can executable programs that are part of the
operating system be found?

(/) (/var) (/lib) (/dev) (/usr/bin) (/home)

INCORRECT ON PT: /usr/bin

2. The Windows Firewall (WF) provides a popup when a new service
attempts to listen on your machine. Which of the following should you
train users to select from a security perspective if they are unsure of
which option to select?

(Keep Blocking) (Increase Security Level) (Safe Mode) (Send Request to
Administrator): Keep Blocking

( Explanation )
The three available options for Windows Firewall are Keep Blocking,
Unblock and Ask Me Later. Keep Block does not allow the program to
acquire a listening port. You should train your users to choose this option
when there is any doubt as to what they should do. There are no Safe
Mode or Send Request to Admin options.
3. Which Threat will be reduced when avoiding system calls from
within a web app?: OS command injection

( Explanation )




,The primary way to avoid OS command injection attacks is to avoid
system calls from your web application, especially when the system call is
built based on user input. In most cases, you should be able to find a
function or library within your programming language that can perform
the same action.
4. How often by default does Windows Group Policy check for
updated policies?

(Once a day) (Within 30 minutes of an applied policy change) (Every
quarter hour) (Every 90-120 minutes)

INCORRECT ON PT: Every 90-120 minutes

( Explanation )
When a computer boots up, it downloads the GPO's assigned to it and
executes them automatically. Every 90-120 minutes thereafter, the
computer checks that none of the GPO's assigned to it have changed, if
any have, those are downloaded and run automatically even if the
computer has not rebooted. 0-30minutes, 30-60 minutes and 120-180
minutes are durations a group policy could possibly be modified to use,
the standard duration used by Group Policy is 90-120 minutes.

5. Which of the following best describes Defense-in-Depth?

Layered controls - Separation of duties - Hardened perimeter security -
Risk management: Layered controls

( Explanation )
Defense-in-depth is best characterized by layered defenses. The idea is
that any layer of defense may eventually fail, but a Layered Defense
offers better protection. Risk management, separation of duties, and



,hardened perimeters are part of a layered defense but do not describe the
full concept of DiD.
6. Which of the following is considered a recommended practice but not
a business requirement?

Guideline - Standard - Baseline - Procedure

INCORRECT ON PT: Guideline

( Explanation )
Guidelines, unlike standards and policies, are not mandatory. Guidelines
are more of a recommendation of how something should be done.
7. Which of the following is a characteristic of Quality Updates for
Windows?

Are released less frequently than Feature Updates - Support deferring
installation on Home edition devices - Include bug fixes and security
patches - Increment the version of Windows: Include bug fixes and
security patches

( Explanation )
Quality Updates are smaller improvements to already existing software
on Windows systems, and include bug fixes and security fixes. They are
released about every 30 days, whereas Feature Updates are released a
couple of times a year and increment the Windows version. Installation of
Quality Updates may be deferred for up to 30 days, except on Home
edition devices.
8. When does applying an encryption algorithm multiple times provide
additional security?

When the algorithm is a group - When the algorithm is not a group - The
algorithm uses xor - The algorithm is weak


, INCORRECT ON PT: When the algorithm is not a group

( Explanation )
Whether an algorithm is a group is an important statistical consideration.
If it is a group, then applying the algorithm multiple times is a waste of
time. In 1992, it was proven that DES is not a group, in fact, so encrypting
multiple times with DES is not equivalent to encrypting once.
9. How is a TCP/IP Packet generated as it moves down through the
TCP/IP stack?

(Network Layer -> Transport Layer -> Internet Layer -> Application
Layer ) (Network Layer -> Internet Layer -> Transport Layer ->
Application Layer) (Application Layer -> Transport Layer -> Internet
Layer -> Network Layer) (Application Layer -> Internet Layer ->
Transport Layer -> Network Layer): Application Layer -> Transport
Layer -> Internet Layer -> Network Layer

( Explanation )
As a packet is generated the packet goes from the Application Layer to the
Transport Layer to the Internet Layer and finally to the Network Layer.
10. Which type of event classification is missed by a NIDS and has the
most potential to be a serious event?

True positive - False positive - True negative - False negative: False
negative ( Explanation )
• False negative: A false negative event is when the IDS identifies data as
benign when, in fact, it is malicious. A false negative does not generate
an alert for the analyst and therefore these can be dangerous because the
analyst cannot take action.• True negative: A true negative event is what
we want the IDS to see, the cases where data does not indicate any
malicious activity, and the data is correct. In the case of a true negative,

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Davieacademia. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67866 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.99
  • (0)
  Add to cart