SEC401 WORKBOOK, SANS 401 GSEC
EXAM
What is the name of the GUI you can use to manage GPG? - ANSWERS-GNU
Privacy Assistant
What encrypts the hash used in a digital signature? - ANSWERS-Sender's private
key
True or False? Snort can read existing tcpdump PCAP files? - ANSWERS-True
Sourcefire was acquired by what well-known company? - ANSWERS-Cisco Systems
What is the Snort signature syntax to examine application layer data? - ANSWERS-
content
What is it called when two different files produce the same hash? - ANSWERS-
Collision
What is the name of the commercial integrity checking tool mentioned? -
ANSWERS-Tripwire
,What tcpdump flag displays hex, ASCII, and the Ethernet header? - ANSWERS--XX
What tcpdump flag allows us to turn off hostname and port resolution? -
ANSWERS--nn
What TCP flag is the only one set when initiating a connection? - ANSWERS-SYN
Which tool from the aircrack-ng suite captures wireless frames? - ANSWERS-
airodump-ng
To crack WPA, you must capture a valid WPA handshake? - ANSWERS-True
What is the keyspace associated with WEP IVs? - ANSWERS-2^
What user account is part of Windows Resource Protection? - ANSWERS-
TrustedInstaller
What is the file system location where DLL files are stored? - ANSWERS-System32
What command is used to launch the graphical PowerShell ISE editor? -
ANSWERS-powershell_ise.exe
,What keyboard do we look for in secedit.exe log files to find mismatches? -
ANSWERS-Mismatch
What command is used to open a text file in the PowerShell ISE editor? -
ANSWERS-ise
What PowerShell commands show processes and services - ANSWERS-Get-
Process and Get-Service
What PowerShell command can export objects to a CSV text file? - ANSWERS-
Export-Csv
What PowerShell command strips away properties we don't care about? -
ANSWERS-Select-Object
What is the file used by John the Ripper to store cracked passwords? - ANSWERS-
john.pot
What password cracking method uses GECOS information? - ANSWERS-Single
True or False: John the Ripper can crack any password within 2 days? - ANSWERS-
False
, What Cisco password type were we easily able to decode with Cain? - ANSWERS-
Type-7
What is the name of the password database on Windows? - ANSWERS-SAM
Database
What Windows hash type did we crack with Cain and Abel? - ANSWERS-NT or
NTLM
What Nmap option enables you to write results in XML format? - ANSWERS--oX
Which Nmap scan type performs a Stealth Scan? - ANSWERS--sS
In what language are NSE scripts written? - ANSWERS-Lua
What is the name of the tool we used to display text from the program? -
ANSWERS-strings
What message did we get during the buffer overflow? - ANSWERS-Segmentation
fault
What do we prepend to a program to ensure it runs from the current folder? -
ANSWERS-./
EXAM
What is the name of the GUI you can use to manage GPG? - ANSWERS-GNU
Privacy Assistant
What encrypts the hash used in a digital signature? - ANSWERS-Sender's private
key
True or False? Snort can read existing tcpdump PCAP files? - ANSWERS-True
Sourcefire was acquired by what well-known company? - ANSWERS-Cisco Systems
What is the Snort signature syntax to examine application layer data? - ANSWERS-
content
What is it called when two different files produce the same hash? - ANSWERS-
Collision
What is the name of the commercial integrity checking tool mentioned? -
ANSWERS-Tripwire
,What tcpdump flag displays hex, ASCII, and the Ethernet header? - ANSWERS--XX
What tcpdump flag allows us to turn off hostname and port resolution? -
ANSWERS--nn
What TCP flag is the only one set when initiating a connection? - ANSWERS-SYN
Which tool from the aircrack-ng suite captures wireless frames? - ANSWERS-
airodump-ng
To crack WPA, you must capture a valid WPA handshake? - ANSWERS-True
What is the keyspace associated with WEP IVs? - ANSWERS-2^
What user account is part of Windows Resource Protection? - ANSWERS-
TrustedInstaller
What is the file system location where DLL files are stored? - ANSWERS-System32
What command is used to launch the graphical PowerShell ISE editor? -
ANSWERS-powershell_ise.exe
,What keyboard do we look for in secedit.exe log files to find mismatches? -
ANSWERS-Mismatch
What command is used to open a text file in the PowerShell ISE editor? -
ANSWERS-ise
What PowerShell commands show processes and services - ANSWERS-Get-
Process and Get-Service
What PowerShell command can export objects to a CSV text file? - ANSWERS-
Export-Csv
What PowerShell command strips away properties we don't care about? -
ANSWERS-Select-Object
What is the file used by John the Ripper to store cracked passwords? - ANSWERS-
john.pot
What password cracking method uses GECOS information? - ANSWERS-Single
True or False: John the Ripper can crack any password within 2 days? - ANSWERS-
False
, What Cisco password type were we easily able to decode with Cain? - ANSWERS-
Type-7
What is the name of the password database on Windows? - ANSWERS-SAM
Database
What Windows hash type did we crack with Cain and Abel? - ANSWERS-NT or
NTLM
What Nmap option enables you to write results in XML format? - ANSWERS--oX
Which Nmap scan type performs a Stealth Scan? - ANSWERS--sS
In what language are NSE scripts written? - ANSWERS-Lua
What is the name of the tool we used to display text from the program? -
ANSWERS-strings
What message did we get during the buffer overflow? - ANSWERS-Segmentation
fault
What do we prepend to a program to ensure it runs from the current folder? -
ANSWERS-./
