SANS 401 Practice Exam Test Bank Questions & Accurate
Answers Most Recent Exam Actual Complete Questions And
Correct Answers (Verified Answers) Already Graded A+ |
Guaranteed Success!! Newest Exam | Just Released!! 2026-2027
In which directory can executable programs that are part of the operating system be
found?
(/) (/var) (/lib) (/dev) (/usr/bin) (/home)
INCORRECT ON PT
/usr/bin
3/2/26, 2:10 PM SANS 401 Practice Exam
The Windows Firewall (WF) provides a popup when a new service attempts to
listen on your machine. Which of the following should you train users to select
from a security perspective if they are unsure of which option to select?
(Keep Blocking) (Increase Security Level) (Safe Mode) (Send Request to Administrator)
Keep Blocking
( Explanation )
The three available options for Windows Firewall are Keep Blocking, Unblock
and Ask Me Later. Keep Blocking does not allow the program to acquire a listening
port. You should train your users to choose this option when there is any doubt
as to what they should do. There are no Safe Mode or Send Request to Admin
options.
Which threat is reduced by avoiding system calls from within a web app?
OS command injection
( Explanation )
The primary way to avoid OS command injection attacks is to avoid system
calls from your web application, especially when the system call is built
based on user input. In most cases, you should be able to find a function or
library within your programming language that can perform the same
action.
How often by default does Windows Group Policy check for updated policies?
(Once a day) (Within 30 minutes of an applied policy change) (Every quarter hour) (Every 90-120 minutes)
INCORRECT ON PT
Every 90-120 minutes
( Explanation )
When a computer boots up, it downloads the GPOs assigned to it and
executes them automatically. Every 90-120 minutes thereafter, the computer
checks whether any of the GPOs assigned to it have changed; if any have, those
are downloaded and run automatically even if the computer has not rebooted.
0-30 minutes, 30-60 minutes and 120-180 minutes are durations a group
policy could possibly be modified to use, but the standard duration used by Group
Policy is 90-120 minutes.
Which of the following best describes Defense-in-Depth?
Layered controls - Separation of duties - Hardened perimeter security - Risk
management
Layered controls
( Explanation )
Defense-in-depth is best characterized by layered defenses. The idea is that any
layer of defense may eventually fail, but a layered defense offers better
protection. Risk management, separation of duties, and hardened perimeters
are part of a layered defense but do not describe the full concept of DiD.
Which of the following is considered a recommended practice but not a business
requirement?
Guideline - Standard - Baseline - Procedure
INCORRECT ON PT
Guideline
( Explanation )
Guidelines, unlike standards and policies, are not mandatory. Guidelines are more of a
recommendation of how something should be done.
Which of the following is a characteristic of Quality Updates for Windows?
Are released less frequently than Feature Updates - Support deferring
installation on Home edition devices - Include bug fixes and security patches -
Increment the version of Windows
Include bug fixes and security patches
( Explanation )
Quality Updates are smaller improvements to already existing software on
Windows systems, and include bug fixes and security fixes. They are released
about every 30 days, whereas Feature Updates are released a couple of times a
year and increment the Windows version. Installation of Quality Updates may
be deferred for up to 30 days, except on Home edition devices.