GUIDE 2026 FULL QUESTIONS AND
SOLUTIONS GRADED A+
◍ Industrial Control System (ICS).
Answer: A device, or set of devices, that manages, commands, directs, or
regulates the behavior of other devices or systems.
◍ Everyone can do everything they need to do and nothing more. Bradley
Manning - WikiLeaks Target - HVAC hack.
Answer: Principle of Least Privilege
◍ ICS technology drivers.
Answer: Reliability, efficiency, safety, and ease of use.
◍ The cornerstone of all security: Everything done in security addresses one or
more of these three things: Confidentiality, Integrity, Availability.
Confidentiality - Only those who need to access something can; ties into
principle of least privilege.
Integrity - Data is edited correctly and by the right people. Failure ex.:
Delta $5 round trip tickets to anywhere Delta flies / attack on pricing database.
Availability - If you cannot use it, why do you have it?
Answer: CIA Triad
◍ Discrete Process.
Answer: A process where a specified quantity of material moves as a unit
between workstations and each unit maintains its unique identity.
◍ Batch Process.
Answer: A process that requires the mixing of raw materials, usually in a
heated vessel.
◍ Pharmaceuticals and government, research.
Answer: Confidentiality
◍ Continuous Process.
Answer: A physical system that is represented through variables that are
smooth and uninterrupted in time.
◍ Hybrid Process.
Answer: reactive systems that intermix discrete and continuous processes
◍ Process Engineer.
Answer: Designs the systems and processes used in the control environment.
◍ Field Technician.
Answer: Maintains and repairs field devices
◍ Financials maintained in part by confidentiality.
Answer: Integrity
◍ eCommerce ex.: Amazon makes $133,000 per minute, thus denial of service
is a critical business impact; a power company needs to keep the lights on =
availability issue.
Answer: Availability
◍ Programmer.
Answer: Implements the individual steps of the process code and deploys
the code to the controllers.
◍ Authentication, Authorization, Accountability.
Answer: AAA
◍ Operator.
Answer: Works in the operations center remotely managing and controlling
the process
◍ Owner/Operators.
Answer: Purchases and uses the system. Responsible for safe operation and
meeting regulations.
◍ Integrator.
Answer: Design, configure, test, train, and refresh systems.
◍ Detailed steps to make policy happen.
Answer: Procedure
◍ programmable logic controller (PLC).
Answer: Computer based, solid-state devices that control industrial
equipment and processes.
◍ Policy, Procedure and Training.
Answer: PPT
◍ Users must know what policies and procedures say to follow them.
Answer: Training
◍ Remote terminal unit (RTU).
Answer: Is installed to report local system information and otherwise
communicate with the upstream supervisory system. Connection typically
made using RS-232 or RS-485
◍ Intelligent Electronic Device (IED).
Answer: Used in the power industry primarily, and have limited function,
but contain their own control logic and are usually micro-controller based.
◍ Digital Protective Relay (DPR).
Answer: Contains a micro-controller with the specific purpose of measuring
voltages and currents to determine whether a fault in the system exists.
◍ Phasor Measurement Unit (PMU).
Answer: Measure voltages and currents at principal intersecting locations on
a power grid and can output accurately timestamped voltage and current
phasors.
◍ Broad general statement of management's intent to protect information.
Answer: Policy
◍ A security professional needs to be: 1/3 technologist, 1/3 manager, 1/3
lawyer. This is the perfect summation of the career field.
- Technology supports security efforts
- Management decisions (and budgets) drive security
- Legal issues mandate security requirements.
Answer: Security by Thirds
◍ Senior Mgmt:
- Has legal responsibility to protect the assets of the org: That gives him
the ultimate responsibility for security
- Authority can be delegated - responsibility cannot be
Data owner - person or office with primary responsibility for data; owners
determine classification, protective measures and more
Data custodian - the person/group that implements the controls; makes the
decisions of the owner happen
Users - use data; are also automatically data custodians.
Answer: Security Roles and Responsibilities
◍ safety of people.
Answer: Number 1 Goal of Security
◍ Communication Gateway.
Answer: Facilitates data acquisition, storage, transmission and protocol
conversion through the industrial data network. Widely used to apply
timestamp data to logs for locally connected RTUs
◍ Years ago: teenagers
Today: we face organized crime and nation states
- well funded
- highly motivated
Disgruntled insider: difficult to counter; tends to be subtle; often damaging
or even devastating
Accidental insider: common; also tends to be subtle; in aggregate - even more
damaging
Outsider threat source - inside threat actor: a growing problem, the current
most-common attack vector
2014 - 47% of U.S. adults had private data compromised in a breach (NBC News)
FBI can prove it was North Korea that attacked Sony.
Answer: Nature of the Threat
◍ verify identity; is Keith really Keith? (1) Verifying the integrity of a
transmitted message. See message integrity, e-mail authentication and MAC.
(2) Verifying the identity of a user logging into a network. Passwords,
digital certificates, smart cards and biometrics can be used to prove the
identity of the client to the network. Passwords and digital certificates can