SEC401 Workbook, SANS 401 GSEC Exam QUESTIONS A ND REVISED CORRECT ANSWERS >> ALREADY PASSED What tcpdump flag displays hex, ASCII, and the Ethernet header? - Answer --XX What tcpdump flag allows us to turn off hostname and port resolution? - Answer --nn What TCP flag is the only one set when initiating a connection? - Answer -SYN Which tool from the aircrack -ng suite captures wireless frames? - Answer -airodump -ng To crack WPA, you must capture a valid WPA handshake? - Answer -True What is the keyspace associated with WEP IVs? - Answer -2^ What user account is part of Windows Resource Protection? - Answer -TrustedInstaller What is the file system location where DLL files are stored? - Answer -System32 What command is used to launch the graphical PowerShell ISE editor? - Answer -
powershell_ise.exe What keyboard do we look for in secedit.exe log files to find mismatches? - Answer -
Mismatch What command is used to open a text file in the PowerShell ISE editor? - Answer -ise What PowerShell commands show processes and services - Answer -Get-Process and Get-Service What PowerShell command can export objects to a CSV text file? - Answer -Export -Csv What PowerShell command strips away properties we don't care about? - Answer -
Select -Object What is the file used by John the Ripper to store cracked passwords? - Answer -
john.pot What password cracking method uses GECOS information? - Answer -Single True or False: John the Ripper can crack any password within 2 days? - Answer -False What Cisc o password type were we easily able to decode with Cain? - Answer -Type -7 What is the name of the password database on Windows? - Answer -SAM Database What Windows hash type did we crack with Cain and Abel? - Answer -NT or NTLM What Nmap option enables you to write results in XML format? - Answer --oX Which Nmap scan type performs a Stealth Scan? - Answer --sS In what language are NSE scripts written? - Answer -Lua What is the name of the tool we used to display text from the program? - Answer -
string s What message did we get during the buffer overflow? - Answer -Segmentation fault What do we prepend to a program to ensure it runs from the current folder? - Answer -./ What is the name of the function enabling this command injection bug? - Answer -
system True or False? You need to use the | symbol to append on an additional command? - Answer -False What command did you use to go to the restricted shell? - Answer -rbash Which hping3 option performs IP source address spoofing? - Answer --a True or False? hping3 can transfer files covertly? - Answer -True Using the " -t" flag with hping3, what can we set the value for? - Answer -TTL Using the Pre -Scale option increases the host size by how many times? - Answer -4 What is the name of the GUI you can use to manage GPG? - Answer -GNU Privacy Assistant What encrypts the hash used in a digital signature? - Answer -Sender's private key True or False? Snort can read existing tcpdump PCAP files? - Answer -True Sourcefire was acquired by what well -known company? - Answer -Cisco Systems What is the Snort signature syntax to examine application layer data? - Answer -content What is it called when two different files produce the same hash? - Answer -Collision What is the name of the commercial inte grity checking tool mentioned? - Answer -
Tripwire Network Topology - Answer -The Physical/Logical shape of a network Logical Topology - Answer -Gives the description for the physical layout, shows VLAN's and where they are placed on the physical topology Trunk Port - Answer -Connects packets that travel to all VLAN's on a switch Baseband Systems - Answer -Transmits one signal on the medium (fiber, copper, etc) Broadband - Answer -Form of multiplexing to join multiple signals on a medium Ethernet - Answer -Designed as baseband system that can be used in multiplexing CSMA/CD - Answer -Carrier Sense Multiple Access/ Collision Detection Unicast - Answer -Broadcast for a single device Multicast - Answer -Broadcast for a specific group or mu ltiple devices Broadcast - Answer -Message for everyone to receive and process Hub - Answer -Broadcasts packets to every single port Switch - Answer -Broadcasts packets to device found on a singular port Content Addressable Memory (CAM) - Answer -Is a table that contains the MAC address and port associated to that MAC Address Virtual LAN (VLAN) - Answer -Splitting a switch in which certain ports can only talk to certain ports (Segment networks within a switch) Multiprotocol Label Switching (MPLS) - Answer -A different way of switching packets that can be used on a dedicated line 802.1x - Answer -Network Access Control that is a layer 2 authentication (Credentialed Question of 2FA) A security appliance should be set in place when - Answer -There is a change in trust level in the network Protocol - Answer -is an agreement or rules of engagement for how computer networks communicate
powershell_ise.exe What keyboard do we look for in secedit.exe log files to find mismatches? - Answer -
Mismatch What command is used to open a text file in the PowerShell ISE editor? - Answer -ise What PowerShell commands show processes and services - Answer -Get-Process and Get-Service What PowerShell command can export objects to a CSV text file? - Answer -Export -Csv What PowerShell command strips away properties we don't care about? - Answer -
Select -Object What is the file used by John the Ripper to store cracked passwords? - Answer -
john.pot What password cracking method uses GECOS information? - Answer -Single True or False: John the Ripper can crack any password within 2 days? - Answer -False What Cisc o password type were we easily able to decode with Cain? - Answer -Type -7 What is the name of the password database on Windows? - Answer -SAM Database What Windows hash type did we crack with Cain and Abel? - Answer -NT or NTLM What Nmap option enables you to write results in XML format? - Answer --oX Which Nmap scan type performs a Stealth Scan? - Answer --sS In what language are NSE scripts written? - Answer -Lua What is the name of the tool we used to display text from the program? - Answer -
string s What message did we get during the buffer overflow? - Answer -Segmentation fault What do we prepend to a program to ensure it runs from the current folder? - Answer -./ What is the name of the function enabling this command injection bug? - Answer -
system True or False? You need to use the | symbol to append on an additional command? - Answer -False What command did you use to go to the restricted shell? - Answer -rbash Which hping3 option performs IP source address spoofing? - Answer --a True or False? hping3 can transfer files covertly? - Answer -True Using the " -t" flag with hping3, what can we set the value for? - Answer -TTL Using the Pre -Scale option increases the host size by how many times? - Answer -4 What is the name of the GUI you can use to manage GPG? - Answer -GNU Privacy Assistant What encrypts the hash used in a digital signature? - Answer -Sender's private key True or False? Snort can read existing tcpdump PCAP files? - Answer -True Sourcefire was acquired by what well -known company? - Answer -Cisco Systems What is the Snort signature syntax to examine application layer data? - Answer -content What is it called when two different files produce the same hash? - Answer -Collision What is the name of the commercial inte grity checking tool mentioned? - Answer -
Tripwire Network Topology - Answer -The Physical/Logical shape of a network Logical Topology - Answer -Gives the description for the physical layout, shows VLAN's and where they are placed on the physical topology Trunk Port - Answer -Connects packets that travel to all VLAN's on a switch Baseband Systems - Answer -Transmits one signal on the medium (fiber, copper, etc) Broadband - Answer -Form of multiplexing to join multiple signals on a medium Ethernet - Answer -Designed as baseband system that can be used in multiplexing CSMA/CD - Answer -Carrier Sense Multiple Access/ Collision Detection Unicast - Answer -Broadcast for a single device Multicast - Answer -Broadcast for a specific group or mu ltiple devices Broadcast - Answer -Message for everyone to receive and process Hub - Answer -Broadcasts packets to every single port Switch - Answer -Broadcasts packets to device found on a singular port Content Addressable Memory (CAM) - Answer -Is a table that contains the MAC address and port associated to that MAC Address Virtual LAN (VLAN) - Answer -Splitting a switch in which certain ports can only talk to certain ports (Segment networks within a switch) Multiprotocol Label Switching (MPLS) - Answer -A different way of switching packets that can be used on a dedicated line 802.1x - Answer -Network Access Control that is a layer 2 authentication (Credentialed Question of 2FA) A security appliance should be set in place when - Answer -There is a change in trust level in the network Protocol - Answer -is an agreement or rules of engagement for how computer networks communicate
