SANS 401 ACTUAL EXAM 2026 | Complete Questions and Guide Answers, 100% Verified, Graded A+
Terms in this set (154)

In which directory can executable programs that are part of the operating system be found?
(/) (/var) (/lib) (/dev) (/usr/bin) (/home)
INCORRECT ON PT
Answer: /usr/bin

The Windows Firewall (WF) provides a popup when a new service attempts to listen on your machine. Which of the following should you train users to select from a security perspective if they are unsure of which option to select?
(Keep Blocking) (Increase Security Level) (Safe Mode) (Send Request to Administrator)
Answer: Keep Blocking
( Explanation )
The three available options for Windows Firewall are Keep Blocking, Unblock and Ask Me Later. Keep Blocking does not allow the program to acquire a listening port. You should train your users to choose this option when there is any doubt as to what they should do. There are no Safe Mode or Send Request to Admin options.

Which threat will be reduced when avoiding system calls from within a web app?
Answer: OS command injection
( Explanation )
The primary way to avoid OS command injection attacks is to avoid system calls from your web application, especially when the system call is built based on user input. In most cases, you should be able to find a function or library within your programming language that can perform the same action.

How often by default does Windows Group Policy check for updated policies?
(Once a day) (Within 30 minutes of an applied policy change) (Every quarter hour) (Every 90-120 minutes)
INCORRECT ON PT
Answer: Every 90-120 minutes
( Explanation )
When a computer boots up, it downloads the GPOs assigned to it and executes them automatically. Every 90-120 minutes thereafter, the computer checks that none of the GPOs assigned to it have changed; if any have, those are downloaded and run automatically even if the computer has not rebooted. 0-30 minutes, 30-60 minutes and 120-180 minutes are durations a group policy could possibly be modified to use, but the standard duration used by Group Policy is 90-120 minutes.

Which of the following best describes Defense-in-Depth?
Layered controls - Separation of duties - Hardened perimeter security - Risk management
Answer: Layered controls
( Explanation )
Defense-in-depth is best characterized by layered defenses. The idea is that any layer of defense may eventually fail, but a Layered Defense offers better protection. Risk management, separation of duties, and hardened perimeters are part of a layered defense but do not describe the full concept of DiD.

Which of the following is considered a recommended practice but not a business requirement?
Guideline - Standard - Baseline - Procedure
INCORRECT ON PT
Answer: Guideline
( Explanation )
Guidelines, unlike standards and policies, are not mandatory. Guidelines are more of a recommendation of how something should be done.

Which of the following is a characteristic of Quality Updates for Windows?
Are released less frequently than Feature Updates - Support deferring installation on Home edition devices - Include bug fixes and security patches - Increment the version of Windows
Answer: Include bug fixes and security patches
( Explanation )
Quality Updates are smaller improvements to already existing software on Windows systems, and include bug fixes and security fixes. They are released about every 30 days, whereas Feature Updates are released a couple of times a year and increment the Windows version. Installation of Quality Updates may be deferred for up to 30 days, except on Home edition devices.

When does applying an encryption algorithm multiple times provide additional security?
When the algorithm is a group - When the algorithm is not a group - The algorithm uses xor - The algorithm is weak
INCORRECT ON PT
Answer: When the algorithm is not a group
( Explanation )
Whether an algorithm is a group is an important statistical consideration. If it is a group, then applying the algorithm multiple times is a waste of time. In 1992, it was proven that DES is not a group, in fact, so encrypting multiple times with DES is not equivalent to encrypting once.

How is a TCP/IP Packet generated as it moves down through the TCP/IP stack?
(Network Layer -> Transport Layer -> Internet Layer -> Application Layer) (Network Layer -> Internet Layer -> Transport Layer -> Application Layer) (Application Layer -> Transport Layer -> Internet Layer -> Network Layer) (Application Layer -> Internet Layer -> Transport Layer -> Network Layer)
Answer: Application Layer -> Transport Layer -> Internet Layer -> Network Layer
( Explanation )
As a packet is generated the packet goes from the Application Layer to the Transport Layer to the Internet Layer and finally to the Network Layer.