◉ NGFW Application Control. Answer: Attempts to identify the application
behind a flow using any available information: DNS queries, TLS fields (for
example the SNI), ports or IPs, application signatures, filenames, and URLs.
◉ What does allowing multiple packets for application control
introduce? Answer: The firewall must pass several packets before it can
classify the flow, so those leading packets can be abused to move data in
or out of the network before the application policy is enforced.
◉ How can you work towards implementing a default deny rule on a firewall?
Answer: Create a mockup of the default deny rule in its final position but
with the action set to allow and logging enabled, then analyze what hits that
rule to find the legitimate traffic that still needs an explicit allow rule
before the action is switched to deny.
◉ Which ports are quick wins to lock down first on a firewall? Answer:
25 - SMTP
53 - DNS
123 - NTP
465 - SMTP over TLS
993 - Secure IMAP (IMAPS)
995 - Secure POP3 (POP3S)
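The two cards above describe one procedure: log what hits a mock default-deny rule, then work out which legitimate traffic needs explicit rules, starting with the quick-win ports. The script below is an added worked example and is not part of the original study notes or of any firewall vendor's tooling. The log line format, the rule name MOCK_DENY, the sample log lines, and the AUTHORISED server list are all constructed assumptions; a real deployment would parse the firewall's own log format and use its own list of sanctioned mail, DNS and NTP servers.

```python
"""Summarise traffic that hit a 'mock default deny' rule (action allow, logged).

Added example for the study notes above. The log format is a constructed,
generic key=value format (assumption), not any vendor's real format.
"""
import re
from collections import defaultdict

# Quick-win ports from the notes: only designated servers should use these.
QUICK_WIN_PORTS = {25: "SMTP", 53: "DNS", 123: "NTP", 465: "SMTP over TLS",
                   993: "IMAPS", 995: "POP3S"}

# Hypothetical servers authorised to use the quick-win ports (assumption).
AUTHORISED = {"10.0.0.10", "10.0.0.11", "10.0.0.20"}

# Constructed sample log lines (not real data). MOCK_DENY is the mockup rule.
SAMPLE_LOG = """\
rule=MOCK_DENY action=allow proto=tcp src=10.0.5.23 dst=198.51.100.7 dport=25
rule=MOCK_DENY action=allow proto=tcp src=10.0.0.10 dst=198.51.100.7 dport=25
rule=MOCK_DENY action=allow proto=udp src=10.0.5.23 dst=8.8.8.8 dport=53
rule=MOCK_DENY action=allow proto=udp src=10.0.0.20 dst=203.0.113.9 dport=53
rule=MOCK_DENY action=allow proto=udp src=10.0.7.41 dst=203.0.113.50 dport=123
rule=MOCK_DENY action=allow proto=tcp src=10.0.5.23 dst=203.0.113.80 dport=8443
rule=ALLOW_WEB action=allow proto=tcp src=10.0.5.23 dst=203.0.113.80 dport=443
"""

LINE_RE = re.compile(
    r"rule=(?P<rule>\S+) action=(?P<action>\S+) proto=(?P<proto>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse_log(text):
    """Yield one dict per log line that matched the mock default-deny rule."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("rule") == "MOCK_DENY":
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def summarise(records):
    """Group hits by (proto, dport), recording sources and, for quick-win
    ports, which sources are not on the authorised server list."""
    summary = defaultdict(lambda: {"hits": 0, "sources": set(), "unauthorised": set()})
    for r in records:
        entry = summary[(r["proto"], r["dport"])]
        entry["hits"] += 1
        entry["sources"].add(r["src"])
        if r["dport"] in QUICK_WIN_PORTS and r["src"] not in AUTHORISED:
            entry["unauthorised"].add(r["src"])
    return dict(summary)


def proposed_rules(summary):
    """Turn the summary into candidate explicit rules to place above the
    default deny. Quick-win ports get an allow for authorised servers only;
    everything else is listed for manual review."""
    rules = []
    for (proto, dport), entry in sorted(summary.items(), key=lambda kv: kv[0][1]):
        if dport in QUICK_WIN_PORTS:
            allowed = sorted(entry["sources"] & AUTHORISED)
            rules.append(
                f"allow {proto}/{dport} ({QUICK_WIN_PORTS[dport]}) from "
                f"{allowed or 'nobody'}; review unauthorised sources "
                f"{sorted(entry['unauthorised'])}"
            )
        else:
            rules.append(
                f"review {proto}/{dport}: {entry['hits']} hits from {sorted(entry['sources'])}"
            )
    return rules


if __name__ == "__main__":
    for rule in proposed_rules(summarise(parse_log(SAMPLE_LOG))):
        print(rule)
```

Run against the real log export over a full business cycle (at least a week, so end-of-month jobs show up) before trusting the output; a host such as 10.0.5.23 sending SMTP and DNS directly is exactly the kind of traffic the default deny should eventually block, while 10.0.0.10 and 10.0.0.20 are the servers that need explicit rules.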
◉ Why might legitimate traffic come from a geoblocked country? Answer:
CDNs, cloud hosting providers, and business partners located there.
◉ Is automation an architecture decision? Answer: Yes
◉ Are there legal considerations to SSL decryption? Answer: Yes. GDPR
and PCI DSS require personal and cardholder data to be protected in
transit, and TLS inspection terminates the encrypted session at the
inspection device, exposing that data in cleartext there. Decryption must
therefore be scoped and authorized accordingly.
◉ Network Security Monitoring. Answer: Deals with data in motion. It shifts
the mentality from prevention alone to continuous monitoring: collecting
network data and working through alerts and anomalies to find evidence of
evil.
◉ Alerts provide the ________ point for an investigation. Answer:
Initial
◉ What might happen if you overload a switch mirror (SPAN) port? Answer:
A mirror port is easily oversubscribed, since a full-duplex link carries up
to twice the port's rated bandwidth. The port's buffers fill and mirrored
frames are dropped, leaving gaps in the monitoring data while production
forwarding continues unaffected.
◉ Tool: Security Onion. Answer: A free, open-source Linux distribution that
bundles full packet capture, intrusion detection, and log analysis tools
into a complete network security monitoring platform.