1
SANS SEC 401 MODULE QUIZES LATEST VERSION -2025/2026-
100+ QUESTIONS AND VERIFIED ANSWERS ALL THE BEST
Threat enumeration is a part of the overall concept known as threat intelligence,
which helps to understand the TTP of adversaries. Which of the TTPs is a high-
level description?
a) Tactics
b) Procedures
c) Tools
d) Techniques
a) Tactics
- book 1, page 29
Which of the following IEEE 802.11 amendments currently operates in the 5 GHz
frequency range and allows for a minimum of 1 Gbps bandwidth in a multi-link
scenario?
a) 802.11n
b) 802.11bg
c) 802.11ax
d) 802.11ac
d) 802.11ac
- book 1, page 179
Which of the following is true regarding a TCP/IP packet being generated as it
travels down the stack?
, 2
a) Each layer removes the previous header and adds its own.
b) The packet directly connects to the peer layer on the target device.
c) Each layer removes a header.
d) Each layer adds a header.
d) Each layer adds a header.
Which of the following IEEE 802.11 amendments was created to deliver the
feature set required to handle the upcoming strain that will be put on WLAN?
a) 802.11ax
b) 802.11bg
c) 802.11n
d) 802.11ac
a) 802.11ax
- book 1, page 181
Which part of IEEE 802 specifically defines the set of protocols for implementing
wireless local area networks?
a) IEEE 802.1
b) IEEE 802.3
c) IEEE 802.11
d) IEEE 802.1x
c) IEEE 802.11
- book 1, page 171
, 3
Which of the following TCP packet flags indicates that a connection is being shut
down in a graceful fashion?
a) URG
b) FIN
c) ACK
d) RST
b) FIN
- book 1, page 89
In what type of isolation violation does a malicious actor leverage a compromised
VM to execute code on the host computer?
a) VM escape
b) VM resource overloading
c) VM hyperjacking
d) VM sprawl
a) VM escape
- book 1, page 119
Which of the following describes the responsibility for security in a cloud
environment?
a) No responsibility for security
b) Full responsibility of cloud provider
c) Shared responsibility between the cloud provider and cloud subscriber
, 4
d) Full responsibility of cloud subscriber
c) Shared responsibility between the cloud provider and cloud subscriber
- book 1, page 137
What is the term for an individual, organization, or group who is capable and
motivated to carry out an attack?
a) Threat agent
b) Threat proxy
c) Hacktivist
d) Nation state
a) Threat agent
- book 1, page 30
Which of the following layers of the OSI protocol stack handles the establishment
and maintenance of connections?
a) Network
b) Session
c) Presentation
d) Transport
b) Session
- book 1, page 56
What is a method adopted by IEEE 802.11n that results in higher bandwidth?
a) Multiple input single output
SANS SEC 401 MODULE QUIZES LATEST VERSION -2025/2026-
100+ QUESTIONS AND VERIFIED ANSWERS ALL THE BEST
Threat enumeration is a part of the overall concept known as threat intelligence,
which helps to understand the TTP of adversaries. Which of the TTPs is a high-
level description?
a) Tactics
b) Procedures
c) Tools
d) Techniques
a) Tactics
- book 1, page 29
Which of the following IEEE 802.11 amendments currently operates in the 5 GHz
frequency range and allows for a minimum of 1 Gbps bandwidth in a multi-link
scenario?
a) 802.11n
b) 802.11bg
c) 802.11ax
d) 802.11ac
d) 802.11ac
- book 1, page 179
Which of the following is true regarding a TCP/IP packet being generated as it
travels down the stack?
, 2
a) Each layer removes the previous header and adds its own.
b) The packet directly connects to the peer layer on the target device.
c) Each layer removes a header.
d) Each layer adds a header.
d) Each layer adds a header.
Which of the following IEEE 802.11 amendments was created to deliver the
feature set required to handle the upcoming strain that will be put on WLAN?
a) 802.11ax
b) 802.11bg
c) 802.11n
d) 802.11ac
a) 802.11ax
- book 1, page 181
Which part of IEEE 802 specifically defines the set of protocols for implementing
wireless local area networks?
a) IEEE 802.1
b) IEEE 802.3
c) IEEE 802.11
d) IEEE 802.1x
c) IEEE 802.11
- book 1, page 171
, 3
Which of the following TCP packet flags indicates that a connection is being shut
down in a graceful fashion?
a) URG
b) FIN
c) ACK
d) RST
b) FIN
- book 1, page 89
In what type of isolation violation does a malicious actor leverage a compromised
VM to execute code on the host computer?
a) VM escape
b) VM resource overloading
c) VM hyperjacking
d) VM sprawl
a) VM escape
- book 1, page 119
Which of the following describes the responsibility for security in a cloud
environment?
a) No responsibility for security
b) Full responsibility of cloud provider
c) Shared responsibility between the cloud provider and cloud subscriber
, 4
d) Full responsibility of cloud subscriber
c) Shared responsibility between the cloud provider and cloud subscriber
- book 1, page 137
What is the term for an individual, organization, or group who is capable and
motivated to carry out an attack?
a) Threat agent
b) Threat proxy
c) Hacktivist
d) Nation state
a) Threat agent
- book 1, page 30
Which of the following layers of the OSI protocol stack handles the establishment
and maintenance of connections?
a) Network
b) Session
c) Presentation
d) Transport
b) Session
- book 1, page 56
What is a method adopted by IEEE 802.11n that results in higher bandwidth?
a) Multiple input single output
