Workbook
The SANS SEC401 GSEC Exam evaluates foundational cybersecurity knowledge and practical skills in securing systems and networks. It focuses on core security principles, including access control, authentication, cryptography basics, network security, and common attack techniques and defenses.
It also covers system hardening, incident response fundamentals, security policies, risk management, and basic security operations. The exam and workbook emphasize applying best practices in real-world environments, aligned with training from the SANS Institute, with a strong focus on protecting systems, detecting threats, and maintaining overall information security.
Q: What tcpdump flag allows us to turn off hostname and port resolution?
A: -nn
Q: What TCP flag is the only one set when initiating a connection?
A: SYN
Q: What tcpdump flag displays hex, ASCII, and the Ethernet header?
A: -XX
Q: Which tool from the aircrack-ng suite captures wireless frames?
A: airodump-ng
Q: To crack WPA, you must capture a valid WPA handshake?
A: True
Q: What is the keyspace associated with WEP IVs?
A: 2^
Q: What user account is part of Windows Resource Protection?
A: TrustedInstaller
Q: What is the file system location where DLL files are stored?
A: System32
Q: What command is used to launch the graphical PowerShell ISE editor?
A: powershell_ise.exe
Q: What keyword do we look for in secedit.exe log files to find mismatches?
A: Mismatch
Q: What command is used to open a text file in the PowerShell ISE editor?
A: ise
Q: What PowerShell commands show processes and services?
A: Get-Process and Get-Service
Q: What PowerShell command can export objects to a CSV text file?
A: Export-Csv