SANS 401 Practice Exam
Save
In which directory can /usr/bin
executable programs that
are part of the operating
system be found?
(/) (/var) (/lib) (/dev)
(/usr/bin) (/home)
INCORRECT ON PT
The Windows Firewall Keep Blocking
(WF) provides a popup
when a new service ( Explanation )
attempts to listen on your The three available options for Windows Firewall are
machine. Which of the Keep Blocking, Unblock and Ask Me Later. Keep
following should you train Block does not allow the program to acquire a
users to select from a listening port. You should train your users to choose
security perspective if this option when there is any doubt as to what they
they are unsure of which should do. There are no Safe Mode or Send Request
option to select? to Admin options.
(Keep Blocking) (Increase
Security Level) (Safe
Mode) (Send Request to
Administrator)
, OS command injection
( Explanation )
Which Threat will be The primary way to avoid OS command injection
reduced when avoiding attacks is to avoid system calls from your web
system calls from within a application, especially when the system call is built
web app? based on user input. In most cases, you should be
able to find a function or library within your
programming language that can perform the same
action.
Every 90-120 minutes
How often by default
does Windows Group
( Explanation )
Policy check for updated
When a computer boots up, it downloads the GPO's
policies?
assigned to it and executes them automatically. Every
90-120 minutes thereafter, the computer checks that
(Once a day) (Within 30
none of the GPO's assigned to it have changed, if any
minutes of an applied
have, those are downloaded and run automatically
policy change) (Every
even if the computer has not rebooted. 0-30minutes,
quarter hour) (Every 90-
30-60 minutes and 120-180 minutes are durations a
120 minutes)
group policy could possibly be modified to use, the
standard duration used by Group Policy is 90-120
INCORRECT ON PT
minutes.
Which of the following Layered controls
best describes Defense-
in-Depth? ( Explanation )
Defense-in-depth is best characterized by layered
Layered controls - defenses. The idea is that any layer of defense may
Separation of duties - eventually fail, but a Layered Defense offers better
Hardened perimeter protection. Risk management, separation of duties,
security - Risk and hardened perimeters are part of a layered
management defense but do not describe the full concept of DiD.
,Which of the following is Guideline
considered a
recommended practice ( Explanation )
but not a business Guidelines, unlike standards and policies, are not
requirement? mandatory. Guidelines are more of a recommendation
of how something should be done.
Guideline - Standard -
Baseline - Procedure
INCORRECT ON PT
Which of the following is a Include bug fixes and security patches
characteristic of Quality
Updates for Windows? ( Explanation )
Quality Updates are smaller improvements to already
Are released less existing software on Windows systems, and include
frequently than Feature bug fixes and security fixes. They are released about
Updates - Support every 30 days, whereas Feature Updates are released
deferring installation on a couple of times a year and increment the Windows
Home edition devices - version. Installation of Quality Updates may be
Include bug fixes and deferred for up to 30 days, except on Home edition
security patches - devices.
Increment the version of
Windows
When does applying an When the algorithm is not a group
encryption algorithm
multiple times provide ( Explanation )
additional security? Whether an algorithm is a group is an important
statistical consideration. If it is a group, then applying
When the algorithm is a the algorithm multiple times is a waste of time. In 1992,
group - When the it was proven that DES is not a group, in fact, so
algorithm is not a group - encrypting multiple times with DES is not equivalent
The algorithm uses xor - to encrypting once.
The algorithm is weak
INCORRECT ON PT
, How is a TCP/IP Packet Application Layer -> Transport Layer -> Internet Layer
generated as it moves -> Network Layer
down through the TCP/IP
stack? ( Explanation )
As a packet is generated the packet goes from the
(Network Layer -> Application Layer to the Transport Layer to the
Transport Layer -> Internet Internet Layer and finally to the Network Layer.
Layer -> Application Layer
) (Network Layer ->
Internet Layer -> Transport
Layer -> Application Layer)
(Application Layer ->
Transport Layer -> Internet
Layer -> Network Layer)
(Application Layer ->
Internet Layer -> Transport
Layer -> Network Layer)
Save
In which directory can /usr/bin
executable programs that
are part of the operating
system be found?
(/) (/var) (/lib) (/dev)
(/usr/bin) (/home)
INCORRECT ON PT
The Windows Firewall Keep Blocking
(WF) provides a popup
when a new service ( Explanation )
attempts to listen on your The three available options for Windows Firewall are
machine. Which of the Keep Blocking, Unblock and Ask Me Later. Keep
following should you train Block does not allow the program to acquire a
users to select from a listening port. You should train your users to choose
security perspective if this option when there is any doubt as to what they
they are unsure of which should do. There are no Safe Mode or Send Request
option to select? to Admin options.
(Keep Blocking) (Increase
Security Level) (Safe
Mode) (Send Request to
Administrator)
, OS command injection
( Explanation )
Which Threat will be The primary way to avoid OS command injection
reduced when avoiding attacks is to avoid system calls from your web
system calls from within a application, especially when the system call is built
web app? based on user input. In most cases, you should be
able to find a function or library within your
programming language that can perform the same
action.
Every 90-120 minutes
How often by default
does Windows Group
( Explanation )
Policy check for updated
When a computer boots up, it downloads the GPO's
policies?
assigned to it and executes them automatically. Every
90-120 minutes thereafter, the computer checks that
(Once a day) (Within 30
none of the GPO's assigned to it have changed, if any
minutes of an applied
have, those are downloaded and run automatically
policy change) (Every
even if the computer has not rebooted. 0-30minutes,
quarter hour) (Every 90-
30-60 minutes and 120-180 minutes are durations a
120 minutes)
group policy could possibly be modified to use, the
standard duration used by Group Policy is 90-120
INCORRECT ON PT
minutes.
Which of the following Layered controls
best describes Defense-
in-Depth? ( Explanation )
Defense-in-depth is best characterized by layered
Layered controls - defenses. The idea is that any layer of defense may
Separation of duties - eventually fail, but a Layered Defense offers better
Hardened perimeter protection. Risk management, separation of duties,
security - Risk and hardened perimeters are part of a layered
management defense but do not describe the full concept of DiD.
,Which of the following is Guideline
considered a
recommended practice ( Explanation )
but not a business Guidelines, unlike standards and policies, are not
requirement? mandatory. Guidelines are more of a recommendation
of how something should be done.
Guideline - Standard -
Baseline - Procedure
INCORRECT ON PT
Which of the following is a Include bug fixes and security patches
characteristic of Quality
Updates for Windows? ( Explanation )
Quality Updates are smaller improvements to already
Are released less existing software on Windows systems, and include
frequently than Feature bug fixes and security fixes. They are released about
Updates - Support every 30 days, whereas Feature Updates are released
deferring installation on a couple of times a year and increment the Windows
Home edition devices - version. Installation of Quality Updates may be
Include bug fixes and deferred for up to 30 days, except on Home edition
security patches - devices.
Increment the version of
Windows
When does applying an When the algorithm is not a group
encryption algorithm
multiple times provide ( Explanation )
additional security? Whether an algorithm is a group is an important
statistical consideration. If it is a group, then applying
When the algorithm is a the algorithm multiple times is a waste of time. In 1992,
group - When the it was proven that DES is not a group, in fact, so
algorithm is not a group - encrypting multiple times with DES is not equivalent
The algorithm uses xor - to encrypting once.
The algorithm is weak
INCORRECT ON PT
, How is a TCP/IP Packet Application Layer -> Transport Layer -> Internet Layer
generated as it moves -> Network Layer
down through the TCP/IP
stack? ( Explanation )
As a packet is generated the packet goes from the
(Network Layer -> Application Layer to the Transport Layer to the
Transport Layer -> Internet Internet Layer and finally to the Network Layer.
Layer -> Application Layer
) (Network Layer ->
Internet Layer -> Transport
Layer -> Application Layer)
(Application Layer ->
Transport Layer -> Internet
Layer -> Network Layer)
(Application Layer ->
Internet Layer -> Transport
Layer -> Network Layer)
