SANS SEC401 MODULE QUIZZES
COMPREHENSIVE STUDY GUIDE 2026
FULL QUESTIONS AND SOLUTIONS
GRADED A+
>> Risk management framework
Answer: Structured approach to identifying and addressing security risks
>> Risk
Answer: Probability of a threat exploiting a vulnerability causing harm
>> Vulnerability
Answer: Weakness that could be exploited — software, configuration, human
>> Threat
Answer: Potential cause of harm — attacker, natural disaster, accident
>> Risk assessment
Answer: Identifying threats, vulnerabilities, and potential impact
>> Qualitative risk assessment
Answer: Descriptive risk analysis — high, medium, low ratings
>> Quantitative risk assessment
Answer: Numerical risk analysis — dollar values
>> ALE
Answer: Annualized Loss Expectancy — SLE × ARO — expected annual loss
>> SLE
Answer: Single Loss Expectancy — asset value × exposure factor
>> ARO
Answer: Annualized Rate of Occurrence — how often threat expected per year
>> Exposure factor
Answer: Percentage of asset value lost in a single incident
>> Risk treatment
Answer: Options — accept, avoid, transfer, mitigate
>> Risk acceptance
Answer: Acknowledging risk and choosing not to address it — documented decision
>> Risk avoidance
Answer: Eliminating the activity creating the risk
>> Risk transfer
Answer: Shifting risk to another party — insurance, contract
>> Risk mitigation
Answer: Implementing controls to reduce likelihood or impact of risk
>> Residual risk