SANS 401 GSEC EXAM QUESTIONS ANSWERED CORRECTLY LATEST UPDATE 2026

SANS 401 GSEC EXAM QUESTIONS ANSWERED CORRECTLY LATEST UPDATE 2026 Network Topology - Answers The Physical/Logical shape of a network Logical Topology - Answers Gives the description for the physical layout, shows VLAN's and where they are placed on the physical topology Trunk Port - Answers Connects packets that travel to all VLAN's on a switch Baseband Systems - Answers Transmits one signal on the medium (fiber, copper, etc) Broadband - Answers Form of multiplexing to join multiple signals on a medium Ethernet - Answers Designed as baseband system that can be used in multiplexing CSMA/CD - Answers Carrier Sense Multiple Access/ Collision Detection Unicast - Answers Broadcast for a single device Multicast - Answers Broadcast for a specific group or multiple devices Broadcast - Answers Message for everyone to receive and process Hub - Answers Broadcasts packets to every single port Switch - Answers Broadcasts packets to device found on a singular port Content Addressable Memory (CAM) - Answers Is a table that contains the MAC address and port associated to that MAC Address Virtual LAN (VLAN) - Answers Splitting a switch in which certain ports can only talk to certain ports (Segment networks within a switch) Multiprotocol Label Switching (MPLS) - Answers A different way of switching packets that can be used on a dedicated line 802.1x - Answers Network Access Control that is a layer 2 authentication (Credentialed Question of 2FA) A security appliance should be set in place when - Answers There is a change in trust level in the network Protocol - Answers is an agreement or rules of engagement for how computer networks communicate OSI Protocol Stack (7) - Answers Layer 7) Application Layer 6) Presentation Layer 5) Session Layer 4) Transport Layer 3) Network Layer 2) Data Link Layer 1) Physical Application Layer 7 OSI Stack - Answers Browsers, FTP, HTTP, SCP Presentation Layer 6 OSI Stack - Answers Makes data presentable to the application or user (ASCII) Session Layer 5 OSI Stack - Answers Handles the establishment/maintenance of connections between systems Transport Layer 4 OSI Stack - Answers Determines that application the packet should be sent to through port numbers (Web on 80,443) Network Layer 3 OSI Stack - Answers Moving packets from one network to another network, uses logical addressing instead of physical addressing Data Link Layer 2 OSI Stack - Answers Takes a packet and frames it suitable for transmission Physical Layer 1 OSI Stack - Answers Network cable, electromagnetic radiation TCP/IP Protocol Stack (4) - Answers Layer 4) Application Layer 3) Transport (TCP/UDP) Layer 2) Internet (IP) Layer 1) Network Network Address in: 10.1.2.0/24 Subnet - Answers 10.1.2.0 Broadcast Address in: 10.1.2.0/24 Subnet - Answers 10.1.2.255 Class A CIDR Addressing (Mask, IP Range) - Answers N.H.H.H, 255.0.0.0 - 1-127 10.0.0.0/8 16.7 Million IP's Class B CIDR Addressing (Mask, IP Range) - Answers N.N.H.H, 255.255.0.0 - 128-191 172.16.0.0/16 65,536 IP's Class C CIDR Addressing (Mask, IP Range) - Answers N.N.N.H, 255.255.255.0 - 192-223 192.168.1.0/24 256 IP's Address that broadcasts to current network - Answers 255.255.255.255 ARP (Address Resolution Protocol) - Answers Required to go from Layer 2 to 3, broadcasts to a network querying for an IP Address, once found, sends it back to requesting MAC DNS (Domain Name System) - Answers Name to an IP Address (TCP/UDP 53) Layer 3 Network Protocols - Answers ICMP (Ping and Traceroute) Layer 4 Transport Protocols - Answers TCP (Connection) and UDP (Connectionless) 3-Way Handshake (TCP) - Answers A: SYN B: SYN ACK A: ACK Closing a TCP Session - Answers A: FIN B: ACK B: FIN A: ACK Sniffer - Answers Program and/or device that monitors data traveling over a network Bluetooth current Encryption - Answers AES, vulnerabilities in the Application layer 802.11b supports up to - Answers 11 Mbps at 2.4 GHz 802.11a supports up to - Answers 54 Mbps at 5 GHz 802.11g supports up to - Answers 22/54 Mbps at 2.4 GHz 802.11n supports up to - Answers 54-600 Mbps at 5 GHz 802.11ac supports up to - Answers 1300 Mbps at 5 GHz 802.11i - Answers Authentication at Layer 2, provides strong encryption, replay protection and integrity protection - WPA2 Wireless Encryption Standards - Answers WEP - WPA - WPA2 Defense-in-Depth - Answers Multiple levels of protection deployed in an environment in order to further protect all layers of the OSI Model and critical assets Risk= - Answers Threats * Vulnerabilties Threat - Answers Potential to do harm to a System Vulnerability - Answers Ability for the threat to cause harm to a system CIA (Confidentiality) - Answers Information is available only to those who need access to it CIA (Integrity) - Answers No unauthorized changes to the file CIA (Availability) - Answers Data is available when you need/want it Zero Day - Answers Vulnerability that is unknown Approaches to Defense-in-Depth - Answers Uniform Protection Protected Enclaves Information Centric Threat Vector Analysis Viruses - Answers Not Self-Propagating, external means of transport Worm - Answers Self-propagating, code that looks for systems and tries to access Trojan - Answers Tries to be useful software but contains malware Logic Bomb - Answers Executes when certain conditions are met Policy - Answers Protects the organizations, the people, and the information Procedure - Answers Detailed steps to be followed by users, system operations personnel, or others to accomplish a specific task Standard - Answers Organizational that specifies uniform use of specific technologies or parameters Baseline - Answers A more specific implementation of a standard Guidline - Answers A suggestion or set of best practices NDA - Answers Protects sensitive information, individuals must keep it confidential Copyright - Answers Everything created has an implied copyright Business Continuity Planning - Answers Is a strategic plan focusing on the availability of critical business processes. Prepare and Mitigate Disaster Recovery Plan - Answers Covers the recovery of IT systems in the event of a disruption or disaster. Respond and Recover Identity - Answers Who you claim to be Authentication - Answers A process by which you prove you are who you say you are. Something you know, have, are. Authorization - Answers Determines what someone has access to or is allowed to do after authentication Accountability - Answers Deals with knowing who did what and when Least Privilege - Answers Diving the least amount of access needed to do a job Need to Know - Answers Give access only when it is needed and take it away when it's not Separation of Duties - Answers Break critical tasks across multiple people to limit exposure points Rotation of Duties - Answers Change jobs on a regular basis Single Sign-On - Answers Log on once and the credentials are carried with the user to simplify user management Password Hash Strength determined by - Answers Quality of Algorithm, Key Length, CPU Cycles, Character set support, Password Length Salt - Answers Bytes or numbers added to hash to further create more possible passwords Incident - Answers An adverse event in an information system and/or network, or threat of the occurrence of such event Event - Answers Any observable occurrence in a system and/or network Incident Handling Steps (6) - Answers Preparation Identification Containment Eradication Recovery Lesson's Learned Chain of Custody - Answers Document evidence items and its custody, transfer, and disposition Real Evidence - Answers Is the tangible items. Seized Computer, USB, Printout, etc. Direct Evidence - Answers What the handler actually saw, not what the handler surmised Command Injection - Answers Attacker sends OS commands as form or other input and adds additional code for malicious cause Buffer Overflows - Answers Program allocate a certain amount of buffer space to perform operations SQL Injection - Answers Inserting SQL into a field which is executed on the backend of the database. Poor input validation Cross-Site Scripting - Answers Allowing JavaScript to be entered into entry field and executing to steal cookies and session data Return on Investment (ROI | ROSI) - Answers The financial benefit or return received from a given amount of money or capital invest into product Social Engineering - Answers Attempts to manipulate or trick a person into providing information or access Network Mapping (hping) - Answers Enables port scanning and spoofing simultaneously by crafting packets and analyzing the return. Test firewall rules, remote OS fingerprinting, audit TCP/IP stacks Port Scanning (nmap) - Answers Network mapper that can give information about a network/device in order to understand open ports, services, etc. Kismet - Answers Linux WLAN analysis tool which is completely passive and won't be detected with use SSL/TLS - Answers Protocol for encrypting network traffic which operates on port 443 Secure Coding Essentials - Answers Validate all user input Handle errors and do not display errors to end users Need for SID's and Cookies - Answers HTTP is stateless Reasons for a SIEM - Answers Monitor web content and file integrity Track performance and look for trends and anomalies Firewalls - Answers A router with a filtering ruleset which reduces risks by protecting systems from attempts to exploit vulnerabilities. Stateless Packet Filter - Answers Low-end firewall: Enhanced security and very fast. Can be bypassed by attackers by sending only ACK packets, no SYN. How often is ACK packet set in TCP connection - Answers All of them except for the first packet of 3-way handshake (SYN only) Proxy - Answers Maintains complete TCP connection state and sequencing through two connections Data Diode - Answers Is a semiconductor device with two terminals, typically allowing the flow of current in one direction only