SANS SEC301 ACTUAL EXAM REVIEW 2026-2027: COMPLETE QUESTIONS AND CORRECT ANSWERS, VERIFIED 100%, ALREADY GRADED A+, LATEST UPDATE
What is the most fundamental purpose of a firewall?
A. Controlling where internal users are allowed to go on the Internet.
B. To keep the person off your network that does not belong there.
C. Performing Network Address Translation (NAT)
D. Compartmentalization
To keep the person off your network that does not belong there.
What mechanism do you use to dictate what traffic is allowed and what
traffic is denied?
A. Every firewall is different
B. Written Policy
C. Firewall Rules
D. Firewalls do this automatically
Firewall Rules
2/14/26, 9:21 AM SEC301 Review Questions
Which traffic type goes through a proxy firewall?
A. Any traffic allowed by the firewall rules
B. Traffic from inside the network to the Internet
C. Network Address Translated traffic
D. No traffic goes through a proxy
No traffic goes through a proxy
Which traffic type goes through a stateful inspection firewall?
A. Any traffic allowed by the firewall rules
B. Traffic from inside the network to the Internet
C. Network Address Translated Traffic
D. No traffic goes through a stateful inspection firewall
Any traffic allowed by the firewall rules
What is the underlying core technology behind stateful inspection?
A. Proxying
B. Packet Filtering
C. Network Address Translation
D. Stateful inspection is its own technology
Packet Filtering
What type of systems do you put in the DMZ?
A. A DMZ has no servers, just client PCs
B. Servers with sensitive data only
C. Firewalls
D. Public Access Systems
Public Access Systems
When is it justified to put public access servers on an internal network?
A. Never
B. As long as they are fully patched
C. When that is the most convenient way to access them
D. We always do that
Never
What is the acronym for an automated system that watches for signs of an
attack?
A. DNS
B. IPS
C. ISP
D. IDS
IDS
What does "A reason given in justification that is not the real reason"
define?
A. Pretexting
B. Lying
C. Manipulation
D. Obfuscating
Pretexting
Hiding the real source IP address is commonly referred to as
A. IP hiding
B. IP Spoofing
C. That is not possible
D. ARP Spoofing
IP Spoofing
What does the acronym MitM stand for?
A. Man-in-the-middle
B. Mission-Impossible-the-movie
C. Missing Threat Management
D. Modern TCP Management
Man-in-the-middle