COMPLETE QUESTIONS AND ANSWERS 100%
CORRECT
◉ The cornerstone of all security: everything done in security addresses
one or more of these three things:
Confidentiality, Integrity, Availability
Confidentiality - only those who need to access something can; ties into
the principle of least privilege
Integrity - data is edited correctly and only by the right people. Failure ex.:
Delta selling $5 round-trip tickets to anywhere Delta flies after an attack on
the pricing database
Availability - if you cannot use it, why do you have it? Answer: CIA
Triad
◉ Pharmaceuticals and government, research. Answer: Confidentiality
◉ Financials maintained in part by confidentiality. Answer: Integrity
◉ eCommerce ex.: Amazon makes about $133,000 per minute, so a denial of
service is a critical business impact; a power company needs to keep the lights
on = availability issue. Answer: Availability
◉ Authentication, Authorization, Accountability. Answer: AAA
◉ Detailed steps to make policy happen. Answer: Procedure
◉ Policy, Procedure and Training. Answer: PPT
◉ Users must know what policies and procedures say to follow them.
Answer: Training
◉ Broad general statement of management's intent to protect
information. Answer: Policy
◉ A security professional needs to be:
1/3 technologist
1/3 manager
1/3 lawyer
-This is the perfect summation of the career field.
-Technology supports security efforts
-Management decisions (and budgets) drive security
-Legal issues mandate security requirements. Answer: Security by
Thirds
◉ Senior Mgmt:
-Has the legal responsibility to protect the assets of the org;
that gives them the ultimate responsibility for security
-Authority can be delegated - responsibility cannot be
Data owner - person or office with primary responsibility for the data;
owners determine classification, protective measures and more
Data custodian - the person/group that implements the controls; makes the
decisions of the owner happen
Users - use the data; are also automatically data custodians. Answer:
Security Roles and Responsibilities
◉ safety of people. Answer: Number 1 Goal of Security
◉ Years ago: teenagers
Today: we face organized crime and nation states
-well funded
-highly motivated
Disgruntled insider: difficult to counter; tends to be subtle; often
damaging or even devastating
Accidental insider: common; also tends to be subtle; in aggregate - even
more damaging
Outsider threat source with an inside threat actor: a growing problem, the current
most-common attack vector
2014 - 47% of U.S. adults had private data compromised in a breach
(NBC News)
The FBI can prove it was North Korea that attacked Sony. Answer: Nature of
the Threat
◉ . Answer: Security Policy
◉ . Answer: Separation of Duties
◉ . Answer: Acceptable Use Policy
◉ Verify identity: is Keith really Keith?
(1) Verifying the integrity of a transmitted message. See message
integrity, e-mail authentication and MAC.
(2) Verifying the identity of a user logging into a network. Passwords,
digital certificates, smart cards and biometrics can be used to prove the
identity of the client to the network. Passwords and digital certificates
can also be used to identify the network to the client. The latter is