SEC401 Workbook, SANS 401 GSEC Exam SET QUESTIONS
AND REVISED ANSWERS >> ALREADY PASSED
- What tcpdump flag displays hex, ASCII, and the Ethernet header? - --XX
- What tcpdump flag allows us to turn off hostname and port resolution? - --nn
- What TCP flag is the only one set when initiating a connection? - -SYN
- Which tool from the aircrack-ng suite captures wireless frames? - -airodump-ng
- To crack WPA, you must capture a valid WPA handshake? - -True
- What is the keyspace associated with WEP IVs? - -2^
- What user account is part of Windows Resource Protection? - -TrustedInstaller
- What is the file system location where DLL files are stored? - -System32
- What command is used to launch the graphical PowerShell ISE editor? - -powershell_ise.exe
- What keyword do we look for in secedit.exe log files to find mismatches? - -Mismatch
- What command is used to open a text file in the PowerShell ISE editor? - -ise
- What PowerShell commands show processes and services? - -Get-Process and Get-Service
- What PowerShell command can export objects to a CSV text file? - -Export-Csv
- What PowerShell command strips away properties we don't care about? - -Select-Object
- What is the file used by John the Ripper to store cracked passwords? - -john.pot
- What password cracking method uses GECOS information? - -Single
- True or False: John the Ripper can crack any password within 2 days? - -False
- What Cisco password type were we easily able to decode with Cain? - -Type-7
- What is the name of the password database on Windows? - -SAM Database
- What Windows hash type did we crack with Cain and Abel? - -NT or NTLM
- What Nmap option enables you to write results in XML format? - --oX
- Which Nmap scan type performs a Stealth Scan? - --sS
- In what language are NSE scripts written? - -Lua
- What is the name of the tool we used to display text from the program? - -strings
- What message did we get during the buffer overflow? - -Segmentation fault
- What do we prepend to a program to ensure it runs from the current folder? - -./
- What is the name of the function enabling this command injection bug? - -system
- True or False? You need to use the | symbol to append on an additional command? - -False
- What command did you use to go to the restricted shell? - -rbash
- Which hping3 option performs IP source address spoofing? - --a
- True or False? hping3 can transfer files covertly? - -True
- Using the "-t" flag with hping3, what can we set the value for? - -TTL
- Using the Pre-Scale option increases the host size by how many times? - -4
- What is the name of the GUI you can use to manage GPG? - -GNU Privacy Assistant
- What encrypts the hash used in a digital signature? - -Sender's private key
- True or False? Snort can read existing tcpdump PCAP files? - -True
- Sourcefire was acquired by what well-known company? - -Cisco Systems
- What is the Snort signature syntax to examine application layer data? - -content
- What is it called when two different files produce the same hash? - -Collision
- What is the name of the commercial integrity checking tool mentioned? - -Tripwire
- Network Topology - -The Physical/Logical shape of a network
- Logical Topology - -Gives the description for the physical layout, shows VLANs and where they are placed on the physical topology
- Trunk Port - -Connects packets that travel to all VLANs on a switch
- Baseband Systems - -Transmits one signal on the medium (fiber, copper, etc.)
- Broadband - -Form of multiplexing to join multiple signals on a medium
- Ethernet - -Designed as baseband system that can be used in multiplexing
- CSMA/CD - -Carrier Sense Multiple Access/ Collision Detection
- Unicast - -Broadcast for a single device
- Multicast - -Broadcast for a specific group or multiple devices
- Broadcast - -Message for everyone to receive and process
- Hub - -Broadcasts packets to every single port
- Switch - -Broadcasts packets to device found on a singular port
- Content Addressable Memory (CAM) - -Is a table that contains the MAC address and port associated with that MAC address
- Virtual LAN (VLAN) - -Splitting a switch in which certain ports can only talk to certain ports (Segment networks within a switch)