EXAM 2026 QUESTIONS AND ANSWERS 100%
CORRECT
◉ TTP. Answer: Tactics
Techniques
Procedures
◉ Logical design (network architecture). Answer: Represents the logical
functions in the system
Putting the conceptual design on paper
Maps the components of the conceptual design via the use of a network
diagram
Next parts of the architecture understanding will leverage and build
upon this design step
Uses icons to depict workstations, servers, printers, routers, switches and
other devices connected to the network
◉ Physical design (network architecture). Answer: Builds upon the
logical design by providing detailed aspects of the network components
Details might include: versions, patch levels, hardening configurations,
risk categorization, etc.
Physical design also considers physical risks such as network cable
location, risk of communication interception, etc.
Physical security can betray logical security controls
Details include OS version, patches, hardening configurations, risks,
physical security
◉ Communication Flow. Answer: Understanding: Who accesses data?
When (at what times) is data accessed? How much data is accessed?
Will lead to the development of a baseline - knowing normal allows
abnormal to stand out.
Never a 'one and done'. Continual updating is necessary.
◉ Threat Agents. Answer: Opportunistic
Organized cyber crime
Advanced Persistent Threats (nation states)
◉ Attacks Against Routers (5 examples). Answer: Denial of Service
Distributed Denial of Service
Packet Sniffing
Packet Misrouting
Routing Table Poisoning
◉ Attacks against switches (5 examples). Answer: CDP Information
Disclosure
MAC Flooding
DHCP Manipulation
STP Manipulation
VLAN Hopping
◉ CDP Information Disclosure. Answer: Cisco Discovery Protocol is
used by switches to communicate about which other devices are discoverable
on the network. Exploiting this protocol would give information about
types and versions of switches, OS, usernames and administrative
accounts on the switches, etc.
◉ MAC Flooding. Answer: Flooding the network with fake Media
Access Control (MAC) addresses may degrade the switch and force it
into downgrading into a hub, giving the attackers access to the overall
network.
◉ DHCP Manipulation. Answer: Dynamic Host Configuration Protocol
is used to communicate the network configuration to other devices on
the network. An attacker could monitor this protocol and respond to
DHCP requests sooner than the intended recipient, placing the attacker's
device in the middle of legitimate network traffic - a type of Machine in
the Middle position.
◉ STP Manipulation. Answer: Spanning Tree Protocol is used to ensure
that switches do not get stuck in a switch loop. The protocol is similar to
CDP and the attack is similar - the manipulation could lead to a network
reconfiguration that causes a DoS or a MiTM.