SANS SEC401 Module Quizzes | Detailed
Review Guide with Exam Questions and
Verified Solutions | Grade A+
‣ What tcpdump flag allows us to turn off hostname and port resolution?
Answer: -nn
‣ What TCP flag is the only one set when initiating a connection?
Answer: SYN
‣ Which tool from the aircrack-ng suite captures wireless frames?
Answer: airodump-ng
‣ To crack WPA, you must capture a valid WPA handshake? Answer:
True
‣ What is the keyspace associated with WEP IVs? Answer: 2^
‣ What user account is part of Windows Resource Protection? Answer:
TrustedInstaller
‣ What is the file system location where DLL files are stored? Answer:
System32
,‣ What command is used to launch the graphical PowerShell ISE editor?
Answer: powershell_ise.exe
‣ What keyboard do we look for in secedit.exe log files to find
mismatches? Answer: Mismatch
‣ What command is used to open a text file in the PowerShell ISE
editor? Answer: ise
‣ What PowerShell commands show processes and services Answer:
Get-Process and Get-Service
‣ What PowerShell command can export objects to a CSV text file?
Answer: Export-Csv
‣ What PowerShell command strips away properties we don't care
about? Answer: Select-Object
‣ What is the file used by John the Ripper to store cracked passwords?
Answer: john.pot
‣ What password cracking method uses GECOS information? Answer:
Single
,‣ True or False: John the Ripper can crack any password within 2 days?
Answer: False
‣ What Cisco password type were we easily able to decode with Cain?
Answer: Type-7
‣ What is the name of the password database on Windows? Answer:
SAM Database
‣ What Windows hash type did we crack with Cain and Abel? Answer:
NT or NTLM
‣ What Nmap option enables you to write results in XML format?
Answer: -oX
‣ Which Nmap scan type performs a Stealth Scan? Answer: -sS
‣ In what language are NSE scripts written? Answer: Lua
‣ What is the name of the tool we used to display text from the program?
Answer: strings
‣ What message did we get during the buffer overflow? Answer:
Segmentation fault
, ‣ What do we prepend to a program to ensure it runs from the current
folder? Answer: ./
‣ What is the name of the function enabling this command injection bug?
Answer: system
‣ True or False? You need to use the | symbol to append on an additional
command? Answer: False
‣ What command did you use to go to the restricted shell? Answer: rbash
‣ Which hping3 option performs IP source address spoofing? Answer: -a
‣ True or False? hping3 can transfer files covertly? Answer: True
‣ Using the "-t" flag with hping3, what can we set the value for? Answer:
TTL
‣ Using the Pre-Scale option increases the host size by how many times?
Answer: 4
‣ What is the name of the GUI you can use to manage GPG? Answer:
GNU Privacy Assistant
Review Guide with Exam Questions and
Verified Solutions | Grade A+
‣ What tcpdump flag allows us to turn off hostname and port resolution?
Answer: -nn
‣ What TCP flag is the only one set when initiating a connection?
Answer: SYN
‣ Which tool from the aircrack-ng suite captures wireless frames?
Answer: airodump-ng
‣ To crack WPA, you must capture a valid WPA handshake? Answer:
True
‣ What is the keyspace associated with WEP IVs? Answer: 2^
‣ What user account is part of Windows Resource Protection? Answer:
TrustedInstaller
‣ What is the file system location where DLL files are stored? Answer:
System32
,‣ What command is used to launch the graphical PowerShell ISE editor?
Answer: powershell_ise.exe
‣ What keyboard do we look for in secedit.exe log files to find
mismatches? Answer: Mismatch
‣ What command is used to open a text file in the PowerShell ISE
editor? Answer: ise
‣ What PowerShell commands show processes and services Answer:
Get-Process and Get-Service
‣ What PowerShell command can export objects to a CSV text file?
Answer: Export-Csv
‣ What PowerShell command strips away properties we don't care
about? Answer: Select-Object
‣ What is the file used by John the Ripper to store cracked passwords?
Answer: john.pot
‣ What password cracking method uses GECOS information? Answer:
Single
,‣ True or False: John the Ripper can crack any password within 2 days?
Answer: False
‣ What Cisco password type were we easily able to decode with Cain?
Answer: Type-7
‣ What is the name of the password database on Windows? Answer:
SAM Database
‣ What Windows hash type did we crack with Cain and Abel? Answer:
NT or NTLM
‣ What Nmap option enables you to write results in XML format?
Answer: -oX
‣ Which Nmap scan type performs a Stealth Scan? Answer: -sS
‣ In what language are NSE scripts written? Answer: Lua
‣ What is the name of the tool we used to display text from the program?
Answer: strings
‣ What message did we get during the buffer overflow? Answer:
Segmentation fault
, ‣ What do we prepend to a program to ensure it runs from the current
folder? Answer: ./
‣ What is the name of the function enabling this command injection bug?
Answer: system
‣ True or False? You need to use the | symbol to append on an additional
command? Answer: False
‣ What command did you use to go to the restricted shell? Answer: rbash
‣ Which hping3 option performs IP source address spoofing? Answer: -a
‣ True or False? hping3 can transfer files covertly? Answer: True
‣ Using the "-t" flag with hping3, what can we set the value for? Answer:
TTL
‣ Using the Pre-Scale option increases the host size by how many times?
Answer: 4
‣ What is the name of the GUI you can use to manage GPG? Answer:
GNU Privacy Assistant
