QUESTIONS WITH CORRECT SOLUTIONS || 100% GUARANTEED PASS || UPDATED 2026/2027 SYLLABUS || ALREADY A+ GRADED || <<RECENT VERSION>>
The BlueSecure RF sensor was designed to detect rogue access points and peer-to-
peer (ad hoc) clients as soon as they appear on the network. Used with BlueSecure
software, the system scans for a variety of suspicious activities such as war driving
attacks. (Image courtesy of Bluesocket Inc., www.bluesocket.com) - ANSWER ✓
Wireless Intrusion Detection
An examination of networks and computer systems by an independent consultant.
It determines an organization's vulnerability to criminal invasion (hackers, viruses,
arson, etc.) as well as natural disasters (fire, tornadoes, earthquakes, etc.). See
security scan, security suite and information security. - ANSWER ✓ security audit
(1) A server on the Web that supports a security protocol, which is typically SSL.
Order forms with credit card numbers and other sensitive data transmitted to and
from a Web server must be encrypted for the user's protection. Even if a third party
were able to capture the transmission, it would be extremely difficult to decipher
the data. See SSL, security protocol and cryptography.
(2) A Web server used only for employees in a local network that is fortified
against attack from the public Internet. See firewall. - ANSWER ✓ secure Web
server
The primary method for keeping a computer secure from intruders. A firewall
allows or blocks traffic into and out of a private network or the user's computer.
Firewalls are widely used to give users secure access to the Internet as well as to
separate a company's public Web server from its internal network. Firewalls are
also used to keep internal network segments secure; for example, the accounting
network might be vulnerable to snooping from within the enterprise.
In the home, a personal firewall typically comes with or is installed in the user's
computer (see Windows Firewall). Personal firewalls may also detect outbound
traffic to guard against spyware, which could be sending your surfing habits to a
Web site. They alert you when software makes an outbound request for the first
time (see spyware).
In the organization, a firewall can be a stand-alone machine (see firewall
appliance) or software in a router or se - ANSWER ✓ firewall
is an umbrella term that encompasses:
- Asset identification/valuation
- threat analysis
- vulnerability analysis
- likelihood and impact
- gap analysis
- safeguard/countermeasure identification and implementation
Add all these factors together to determine the level of risk:
- determine if level of risk is too high (will always be residual risk)
- to make that determination: use the "standard of due care" - ANSWER ✓ Risk
mgmt
anything that can do anything bad to our stuff - ANSWER ✓ threat
anything that allows the threat to happen - ANSWER ✓ vulnerability
how likely is it to happen and how bad will it be - ANSWER ✓ likelihood and
impact
anything to lessen or mitigate a vulnerability - ANSWER ✓
countermeasure/safeguard
here is our risk; here are our countermeasures. What is the gap between them, and
how can we close the gap? - ANSWER ✓ gap analysis
Prudent Man Rule:
- Did the org act as a prudent man would act in protecting assets?
Due Diligence:
- The industry best practices followed in meeting due care
- What you have to show in court to prove due care is met
Due Care:
- a legal standard
- actions that a reasonable person would exercise to protect assets - ANSWER ✓
Risk mgmt is performed in part due to the legal obligation of the company, and
therefore of the Senior Manager
Only senior mgmt of an org can decide on the acceptable level of risk. CEO,
Commander, Director, Secretary. The security manager (CISO) advises only. -
ANSWER ✓ Risk Mgmt Decision Maker
remember the intangible value - ANSWER ✓ Asset Value (AV)
0% to 100% loss to AV
- Percentage of asset value loss if a risk is realized (a percentage) - ANSWER ✓
Exposure Factor (EF)
AV * EF%
- What does it cost each time the threat materializes - ANSWER ✓ Single Loss
Expectancy (SLE)
Based on research
- How often will a threat occur on an annual basis
- ARO examples: 0.0 (never), 0.04 (every 25 years), 0.5 (every other year), 1.0
(once a year) to 2.0 (twice a year), etc - ANSWER ✓ Annual Rate of Occurrence
(ARO)
SLE * ARO
- SLE annualized - ANSWER ✓ Annual Loss Expectancy (ALE)
Fire in a building:
- EF: fire est. to damage 25% of building (EF = 25%)
- SLE: Building is valued at $100,000
$100K * 25% EF = $25K SLE
- ARO: Insurance data leads to an expectation of fire once every 10 yrs:
One every 10 yrs gives us an ARO of 0.1
- ALE: SLE of $25K * ARO of 0.1 = $2,500 ALE
- justification to spend $2,500/yr on fire suppression
Does not take into account loss of life, liability threat, lost production, etc. -
ANSWER ✓ Risk Formula Calculations
25% spend 10% of their time:
- company has 1,000 employees
- company has a $50 weighted rate
1,000 employees * 25% = 250 people
40 hr wk * 10% = 4 hrs/person
4 hrs * 250 people = 1,000 hours/week SLE
1,000 hours/week * $50 = $50,000/week
$50,000/week * 50 week work year = -$2,500,000 - ANSWER ✓ Cost
Justification
- Quantitative Risk Assessment = Quantity of $$$ (use AV, EF, SLE, ARO and
ALE calculations)
- Qualitative Risk Assessment = Quality of Risk
Use qualitative to determine top threats, then quantitative to cost justify
countermeasures - ANSWER ✓ Quantitative vs Qualitative
- Identify and value all assets:
Both tangible and intangible
- Estimate potential loss per threat:
Both physical and logical (loss of data) damage
- Perform threat analysis:
Attempt to determine the likelihood and impact of the threat
- Derive annual loss potential:
Using Qualitative Risk formulas
- Reduce, transfer, avoid or accept risk:
It's the C-Suite's business decision - ANSWER ✓ - Qualitative Risk Assessment
Steps
Quantitative RA tries to assign hard costs to risk.
Qualitative places risk into severity scales.
- Utilizes a team of SMEs to evaluate each threat scenario, determining impact and
likelihood using various methods: Delphi, brainstorming, storyboarding focus