SANS 401 GSEC Exam | Comprehensive Q&A for certification success 2026
Separation of Duties - correct-answer -Break critical tasks across multiple people to limit exposure points
Rotation of Duties - correct-answer -Change jobs on a regular basis
Single Sign-On - correct-answer -Log on once and the credentials are carried with the user to simplify user management
Password Hash Strength determined by - correct-answer -Quality of algorithm, key length, CPU cycles, character set support, password length
Salt - correct-answer -Bytes or numbers added to a hash to create more possible passwords
Incident - correct-answer -An adverse event in an information system and/or network, or the threat of the occurrence of such an event
Event - correct-answer -Any observable occurrence in a system and/or network
Incident Handling Steps (6) - correct-answer -Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
Chain of Custody - correct-answer -Document evidence items and their custody, transfer, and disposition
Real Evidence - correct-answer -The tangible items: seized computer, USB, printout, etc.
Direct Evidence - correct-answer -What the handler actually saw, not what the handler surmised
Command Injection - correct-answer -Attacker sends OS commands as form or other input and adds additional code for malicious purposes
Buffer Overflows - correct-answer -A program allocates a certain amount of buffer space to perform operations
SQL Injection - correct-answer -Inserting SQL into a field, which is then executed on the backend database. Poor input validation
Cross-Site Scripting - correct-answer -Allowing JavaScript to be entered into an entry field and executed to steal cookies and session data
Return on Investment (ROI | ROSI) - correct-answer -The financial benefit or return received from a given amount of money or capital invested into a product
Social Engineering - correct-answer -Attempts to manipulate or trick a person into providing information or access
Network Mapping (hping) - correct-answer -Enables port scanning and spoofing simultaneously by crafting packets and analyzing the return. Tests firewall rules, performs remote OS fingerprinting, audits TCP/IP stacks
Port Scanning (nmap) - correct-answer -Network mapper that can give information about a network/device in order to understand open ports, services, etc.
Kismet - correct-answer -Linux WLAN analysis tool which is completely passive and won't be detected when used
SSL/TLS - correct-answer -Protocol for encrypting network traffic which operates on port 443
Secure Coding Essentials - correct-answer -Validate all user input
Handle errors and do not display errors to end users