QUESTIONS WITH ANSWERS GRADED A+
◉ Which of the following Cisco IOS commands is used to shut the port
down automatically when the maximum number of MAC addresses is
exceeded?
A) switchport port-security violation shutdown
B) switchport port-security limit rate source-mac-shutdown
C) switchport port-security violation auto-shutdown
D) switchport port-security mac-exceed-port-shutdown
Answer: A) switchport port-security violation shutdown
◉ What is a common failing associated with focusing only on
compliance-driven security?
A) Compliance-driven security tends to focus only on hardening internal
systems.
B) Compliance-driven security tends to focus only on hardening the
perimeter.
C) Compliance-driven security tends to be costly in terms of solutions
and resources.
D) Compliance-driven security tends to fail in the face of a persistent
adversary.
Answer: D) Compliance-driven security tends to fail in the face of a
persistent adversary.
◉ Which of the following is described by Lockheed Martin as a
countermeasure action to the Kill Chain?
A) Disrupt
B) Prevent
C) React
D) Remove
Answer: A) Disrupt
◉ What is an easy to implement and effective control an organization
can leverage to make pivoting more difficult for an attacker?
A) WPA2
B) P2P patching
C) Private VLAN
D) VPN
Answer: C) Private VLAN
◉ Which type of private VLAN ports may only communicate with
promiscuous ports?
A) Isolated
B) Promiscuous
C) Network
D) Community
Answer: A) Isolated
◉ Which of the following wireless standards supports up to 1300 Mbps?
A) 802.11b
B) 802.11ac
C) 802.11n
D) 802.11w
Answer: B) 802.11ac
◉ In which phase of the security architecture design lifecycle is threat
modeling and attack surface analysis conducted?
A) Scan
B) Discover and Assess
C) Plan
D) Design
Answer: C) Plan
◉ Which of the following is the best practice to mitigate against the
Cisco Discovery Protocol (CDP) information leakage attack?
A) Disable the CDP unless expressly required.
B) No mitigations are needed since CDP is secure by default.
C) Schedule the CDP patch regularly.
D) Enable the SECDP feature in the CDP to secure the CDP.
Answer: A) Disable the CDP unless expressly required.
◉ Which of the following prevents physical access to the network when
plugging in an unauthorized device?
A) MAC address filtering
B) Packet filtering firewall
C) Background checks
D) Two-factor authentication
Answer: A) MAC address filtering
◉ What would be one of the first steps for a security architect when
building or redesigning a security architecture to secure an organization?
A) Remove unnecessary egress traffic
B) Perform a perimeter pen test
C) Deploy patches to external systems