SEC401 WORKBOOK ACTUAL / SANS 401 GSEC EXAM
QUESTIONS AND VERIFIED ANSWERS PASSED
Identity ----Answers---Who you claim to be
Authentication ----Answers---A process by which you prove you are who you say you are. Something you know, have, are.
Authorization ----Answers---Determines what someone has access to or is allowed to do after authentication
Accountability ----Answers---Deals with knowing who did what and when
Least Privilege ----Answers---Giving the least amount of access needed to do a job
Need to Know ----Answers---Give access only when it is needed and take it away when it's not
Separation of Duties ----Answers---Break critical tasks across multiple people to limit exposure points
Rotation of Duties ----Answers---Change jobs on a regular basis
Single Sign-On ----Answers---Log on once and the credentials are carried with the user to simplify user management
Password Hash Strength determined by ----Answers--- Quality of Algorithm, Key Length, CPU Cycles, Character set support, Password Length
Salt ----Answers---Bytes or numbers added to hash to further create more possible passwords
Incident ----Answers---An adverse event in an information system and/or network, or threat of the occurrence of such event
Event ----Answers---Any observable occurrence in a system and/or network
Incident Handling Steps (6) ----Answers---Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
Chain of Custody ----Answers---Document evidence items and their custody, transfer, and disposition
Real Evidence ----Answers---The tangible items. Seized Computer, USB, Printout, etc.
Direct Evidence ----Answers---What the handler actually saw, not what the handler surmised
Command Injection ----Answers---Attacker sends OS commands as form or other input and adds additional code for malicious cause
Buffer Overflows ----Answers---Programs allocate a certain amount of buffer space to perform operations
SQL Injection ----Answers---Inserting SQL into a field which is executed on the backend of the database. Poor input validation
Cross-Site Scripting ----Answers---Allowing JavaScript to be entered into an entry field and executed to steal cookies and session data
Return on Investment (ROI | ROSI) ----Answers---The financial benefit or return received from a given amount of money or capital invested in a product
Social Engineering ----Answers---Attempts to manipulate or trick a person into providing information or access
Network Mapping (hping) ----Answers---Enables port scanning and spoofing simultaneously by crafting packets and analyzing the return. Test firewall rules, remote OS fingerprinting, audit TCP/IP stacks
Port Scanning (nmap) ----Answers---Network mapper that can give information about a network/device in order to understand open ports, services, etc.
Kismet ----Answers---Linux WLAN analysis tool which is completely passive and won't be detected with use
SSL/TLS ----Answers---Protocol for encrypting network traffic which operates on port 443
Secure Coding Essentials ----Answers---Validate all user input. Handle errors and do not display errors to end users
Need for SIDs and Cookies ----Answers---HTTP is stateless
Reasons for a SIEM ----Answers---Monitor web content and file integrity