SANS SEC504 TOOLS – 2020 FINAL
EXAM QUESTIONS WITH CORRECT
SOLUTIONS||100% GUARANTEED
PASS|| UPDATED 2026/2027
SYLLABUS||ALREADY A+
GRADED||<<RECENT VERSION>>
NetworkMiner - ANSWER ✓ NetworkMiner is a passive network packet capture
tool in to detect operating systems, sessions, hostnames, and open ports.
NetworkMiner can also parse libpcap files for offline analysis and to regenerate
transmitted files sent over the network.
Ntdsutil - ANSWER ✓ Ntdsutil.exe is a command line tool that provides
management facilities for Active Directory Domain Services (AD DS) and Active
Directory Lightweight Directory Services (AD LDS). Widely used by attackers to
retrieve domain password hash data for processing with Impacket secretsdump.py.
passwd - ANSWER ✓ Passwd is a Linux utility to change your password or other
user's passwords when you have root privileges.
PowerView - ANSWER ✓ PowerView is a collection of PowerShell cmdlets for
interrogating Windows systems, including multiple scanning and enumeration
functions.
ProcDOT - ANSWER ✓ ProcDOT takes output from Process Monitor, and
optionally a PCAP file, and displays the events graphically.
Procdump - ANSWER ✓ Procdump is part of the SysInternals suite for Windows,
allowing an administrator to dump the memory from running processes. Procdump
is often used with Mimikatz for password and password hash retrieval.
, Process Explorer - ANSWER ✓ Process Explorer of a part of the Microsoft
SysInternals suite of tools, used for tracking process execution for Windows
executables.
Process Monitor (Procmon) - ANSWER ✓ Procmon is a component of the
Microsoft SysInternals suite of tools, used for real-time file system, Registry and
process monitoring. It replaces the two legacy SysInternals utilities, Filemon and
Regmon.
Ptunnel - ANSWER ✓ Ptunnel tunnels TCP connections through ICMP to
exfiltrate egress filters in some networks. ICMP tunneling. carries TCP
connections over ICMP Echo and Reply packets
Qualys VM - ANSWER ✓ Vulnerability identification and management tool.
Vulnerability Scanner
Rapid7 InsightVM - ANSWER ✓ Vulnerability management, assessment tool.
Real Intelligence Threat Analytics (RITA) - ANSWER ✓ RITA is an open-source
framework for network traffic analysis and threat hunting.
Reg - ANSWER ✓ The reg utility reads and writes to the Windows registry from
the command line.
Regshot - ANSWER ✓ Regshot is a snapshot recording tool for Windows. It
allows you to record a snapshot of the registry and optionally the file system at two
points in time. Regshot provides a high-level summary of the changes, showing the
registry keys that were added, removed, and modified. It will also summarize the
files that were added, removed, and modified.
Request Tracker for Incident Response (RTIR) - ANSWER ✓ RTIR is a free tool
for incident response management and tracking.
Responder - ANSWER ✓ Responder is an LLMNR, NBT-NS, and MDNS
poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication
server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and
Basic HTTP authentication. Responder is commonly used to steal authentication
credentials from Windows victims on the LAN through the LLMNR protocol.
EXAM QUESTIONS WITH CORRECT
SOLUTIONS||100% GUARANTEED
PASS|| UPDATED 2026/2027
SYLLABUS||ALREADY A+
GRADED||<<RECENT VERSION>>
NetworkMiner - ANSWER ✓ NetworkMiner is a passive network packet capture
tool in to detect operating systems, sessions, hostnames, and open ports.
NetworkMiner can also parse libpcap files for offline analysis and to regenerate
transmitted files sent over the network.
Ntdsutil - ANSWER ✓ Ntdsutil.exe is a command line tool that provides
management facilities for Active Directory Domain Services (AD DS) and Active
Directory Lightweight Directory Services (AD LDS). Widely used by attackers to
retrieve domain password hash data for processing with Impacket secretsdump.py.
passwd - ANSWER ✓ Passwd is a Linux utility to change your password or other
user's passwords when you have root privileges.
PowerView - ANSWER ✓ PowerView is a collection of PowerShell cmdlets for
interrogating Windows systems, including multiple scanning and enumeration
functions.
ProcDOT - ANSWER ✓ ProcDOT takes output from Process Monitor, and
optionally a PCAP file, and displays the events graphically.
Procdump - ANSWER ✓ Procdump is part of the SysInternals suite for Windows,
allowing an administrator to dump the memory from running processes. Procdump
is often used with Mimikatz for password and password hash retrieval.
, Process Explorer - ANSWER ✓ Process Explorer of a part of the Microsoft
SysInternals suite of tools, used for tracking process execution for Windows
executables.
Process Monitor (Procmon) - ANSWER ✓ Procmon is a component of the
Microsoft SysInternals suite of tools, used for real-time file system, Registry and
process monitoring. It replaces the two legacy SysInternals utilities, Filemon and
Regmon.
Ptunnel - ANSWER ✓ Ptunnel tunnels TCP connections through ICMP to
exfiltrate egress filters in some networks. ICMP tunneling. carries TCP
connections over ICMP Echo and Reply packets
Qualys VM - ANSWER ✓ Vulnerability identification and management tool.
Vulnerability Scanner
Rapid7 InsightVM - ANSWER ✓ Vulnerability management, assessment tool.
Real Intelligence Threat Analytics (RITA) - ANSWER ✓ RITA is an open-source
framework for network traffic analysis and threat hunting.
Reg - ANSWER ✓ The reg utility reads and writes to the Windows registry from
the command line.
Regshot - ANSWER ✓ Regshot is a snapshot recording tool for Windows. It
allows you to record a snapshot of the registry and optionally the file system at two
points in time. Regshot provides a high-level summary of the changes, showing the
registry keys that were added, removed, and modified. It will also summarize the
files that were added, removed, and modified.
Request Tracker for Incident Response (RTIR) - ANSWER ✓ RTIR is a free tool
for incident response management and tracking.
Responder - ANSWER ✓ Responder is an LLMNR, NBT-NS, and MDNS
poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication
server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and
Basic HTTP authentication. Responder is commonly used to steal authentication
credentials from Windows victims on the LAN through the LLMNR protocol.
