SANS SEC 301 COMPREHENSIVE TEST 2026
FULL QUESTIONS AND ANSWERS EXPERT
VERIFIED A+
●● Of the three control types in Risk Management, which deals with
authentication?
Preventive
Corrective
Responsive
Detective.
Answer: Preventive
Control types help lower risk in an organization. Authentication is a type
of preventative control because its goal is to keep people from accessing
your information systems if they are not authorized to do so. This type
of prevention is an ideal in security. Book 1 Page 18
●● What are the elements of the CIA Triad?
Confidentiality, Integrity, Availability
Confidentiality, Integrity, Authorization
Cryptography, Impersonation, Authorization
Cryptography, Integrity, Authorization.
Answer: Confidentiality, Integrity, Availability
,The CIA Triad consists of Confidentiality, Integrity, and Availability.
This is one of the cornerstones of all security. The principles behind CIA
are straightforward:• Confidentiality: Only those who need access to
something have access to it.• Integrity: Data is kept pristine, meaning it
is modified only by the correct people, in the correct way, and with the
correct information.• Availability: If you are unable to use it, why do you
have it? Whether it be a piece of data, a server, or any other resource, it
has to be available when we need it, or it does us no good. Book 1 Page
9
●● What can be used to lessen or mitigate system vulnerabilities?
Threat assessment
Countermeasures
Gap analysis
Passwords.
Answer: Countermeasures
A countermeasure is anything that can lessen or mitigate a vulnerability.
Countermeasures, sometimes called safeguards or controls, are any
measure taken to reduce or "mitigate" a problem. They can be
categorized as either Administrative, Technical or Physical. Book 1 Page
18
●● An analyst is reviewing log output as part of an investigation. The
logs include a hex value of 0xB5. What is the value of 0x?
,Low order bit
No value
Decimal base 10
Zero octet.
Answer: No value
0x## is a notation to show that what follows is hex. 0x has no value. The
characters "B5" represent the hex value being referenced. Each hex
character is one nibble of a binary byte. The first hex character is the
most significate nibble, and the second character is the least significant.
However, the 0x## has no value. Book 1 Page 47
●● At its most basic level, what is the one and only thing a computer can
do?
Add
Reason
Store data
Translate.
Answer: Add
When you really boil a computer's functionality down to the most basic
possible level, you find that a computer can do precisely one thing: it
can add. The computer sees a string of ones and zeros. The ones have a
particular value depending on the exact placement. (The system ignores
, zeros as simply placeholders.) The computer adds the values represented
by the location of the ones to come up with a specific value. Book 1
Page 36
●● What is the fundamental difference between the Internet of Things
(IoT) and the Industrial Internet of Things (IIoT)?
IoT manipulates data; IIoT manipulates physical objects
IoT is only in the home; IIoT is only in organizations
IoT manipulates physical objects; IIoT manipulates data
IoT functions at the Network layer; IIoT functions at the Transport layer.
Answer: IoT manipulates data; IIoT manipulates physical objects
Any device connected to the internet is part of the Internet of Things
(IoT) and the larger category of this is Industrial Internet of Things
(IIoT). The main distinction between the two is what they most
commonly manipulate. IoT devices deal with information technology
(IT). These devices manipulate data in some way. IIoT devices deal
more in the realm of operational technology (OT). They manipulate
physical objects. Book 1 Page 129
●● In computing, what is a "Boolean Expression"?
A series of eight bytes
The output of artificial intelligence chatbot
A shorthand method of writing hexadecimal values
FULL QUESTIONS AND ANSWERS EXPERT
VERIFIED A+
●● Of the three control types in Risk Management, which deals with
authentication?
Preventive
Corrective
Responsive
Detective.
Answer: Preventive
Control types help lower risk in an organization. Authentication is a type
of preventative control because its goal is to keep people from accessing
your information systems if they are not authorized to do so. This type
of prevention is an ideal in security. Book 1 Page 18
●● What are the elements of the CIA Triad?
Confidentiality, Integrity, Availability
Confidentiality, Integrity, Authorization
Cryptography, Impersonation, Authorization
Cryptography, Integrity, Authorization.
Answer: Confidentiality, Integrity, Availability
,The CIA Triad consists of Confidentiality, Integrity, and Availability.
This is one of the cornerstones of all security. The principles behind CIA
are straightforward:• Confidentiality: Only those who need access to
something have access to it.• Integrity: Data is kept pristine, meaning it
is modified only by the correct people, in the correct way, and with the
correct information.• Availability: If you are unable to use it, why do you
have it? Whether it be a piece of data, a server, or any other resource, it
has to be available when we need it, or it does us no good. Book 1 Page
9
●● What can be used to lessen or mitigate system vulnerabilities?
Threat assessment
Countermeasures
Gap analysis
Passwords.
Answer: Countermeasures
A countermeasure is anything that can lessen or mitigate a vulnerability.
Countermeasures, sometimes called safeguards or controls, are any
measure taken to reduce or "mitigate" a problem. They can be
categorized as either Administrative, Technical or Physical. Book 1 Page
18
●● An analyst is reviewing log output as part of an investigation. The
logs include a hex value of 0xB5. What is the value of 0x?
,Low order bit
No value
Decimal base 10
Zero octet.
Answer: No value
0x## is a notation to show that what follows is hex. 0x has no value. The
characters "B5" represent the hex value being referenced. Each hex
character is one nibble of a binary byte. The first hex character is the
most significate nibble, and the second character is the least significant.
However, the 0x## has no value. Book 1 Page 47
●● At its most basic level, what is the one and only thing a computer can
do?
Add
Reason
Store data
Translate.
Answer: Add
When you really boil a computer's functionality down to the most basic
possible level, you find that a computer can do precisely one thing: it
can add. The computer sees a string of ones and zeros. The ones have a
particular value depending on the exact placement. (The system ignores
, zeros as simply placeholders.) The computer adds the values represented
by the location of the ones to come up with a specific value. Book 1
Page 36
●● What is the fundamental difference between the Internet of Things
(IoT) and the Industrial Internet of Things (IIoT)?
IoT manipulates data; IIoT manipulates physical objects
IoT is only in the home; IIoT is only in organizations
IoT manipulates physical objects; IIoT manipulates data
IoT functions at the Network layer; IIoT functions at the Transport layer.
Answer: IoT manipulates data; IIoT manipulates physical objects
Any device connected to the internet is part of the Internet of Things
(IoT) and the larger category of this is Industrial Internet of Things
(IIoT). The main distinction between the two is what they most
commonly manipulate. IoT devices deal with information technology
(IT). These devices manipulate data in some way. IIoT devices deal
more in the realm of operational technology (OT). They manipulate
physical objects. Book 1 Page 129
●● In computing, what is a "Boolean Expression"?
A series of eight bytes
The output of artificial intelligence chatbot
A shorthand method of writing hexadecimal values
