SEC401 Workbook, SANS 401 GSEC Exam - Questions with Complete 100% Verified Solutions 2024/2025
What tcpdump flag displays hex, ASCII, and the Ethernet header?
-XX
What tcpdump flag allows us to turn off hostname and port resolution?
-nn
What TCP flag is the only one set when initiating a connection?
SYN
Which tool from the aircrack-ng suite captures wireless frames?
airodump-ng
True or False: To crack WPA, you must capture a valid WPA handshake?
True
What is the keyspace associated with WEP IVs?
2^
What user account is part of Windows Resource Protection?
TrustedInstaller
What is the file system location where DLL files are stored?
System32
What command is used to launch the graphical PowerShell ISE editor?
powershell_ise.exe
What keyword do we look for in secedit.exe log files to find mismatches?
Mismatch
What command is used to open a text file in the PowerShell ISE editor?
ise
What PowerShell commands show processes and services?
Get-Process and Get-Service
What PowerShell command can export objects to a CSV text file?
Export-Csv
What PowerShell command strips away properties we don't care about?
Select-Object
What is the file used by John the Ripper to store cracked passwords?
john.pot
What password cracking method uses GECOS information?
Single
True or False: John the Ripper can crack any password within 2 days?
False
What Cisco password type were we easily able to decode with Cain?
Type-7
What is the name of the password database on Windows?
SAM Database
What Windows hash type did we crack with Cain and Abel?
NT or NTLM
What Nmap option enables you to write results in XML format?
-oX
Which Nmap scan type performs a Stealth Scan?
-sS
In what language are NSE scripts written?
Lua
What is the name of the tool we used to display text from the program?
strings
What message did we get during the buffer overflow?
Segmentation fault
What do we prepend to a program to ensure it runs from the current folder?
./
What is the name of the function enabling this command injection bug?
system
True or False? You need to use the | symbol to append an additional command?
False
What command did you use to go to the restricted shell?
rbash
Which hping3 option performs IP source address spoofing?
-a
True or False? hping3 can transfer files covertly?
True
Using the "-t" flag with hping3, what can we set the value for?
TTL
Using the Pre-Scale option increases the host size by how many times?
4
What is the name of the GUI you can use to manage GPG?
GNU Privacy Assistant
What encrypts the hash used in a digital signature?
Sender's private key
True or False? Snort can read existing tcpdump PCAP files?
True
Sourcefire was acquired by what well-known company?
Cisco Systems
What is the Snort signature syntax to examine application layer data?
content
What is it called when two different files produce the same hash?
Collision
What is the name of the commercial integrity checking tool mentioned?
Tripwire
Network Topology
The Physical/Logical shape of a network
Logical Topology
Gives the description for the physical layout; shows VLANs and where they are placed on the physical topology
Trunk Port
Connects packets that travel to all VLAN's on a switch
Baseband Systems
Transmits one signal on the medium (fiber, copper, etc)
Broadband
Form of multiplexing to join multiple signals on a medium
Ethernet
Designed as baseband system that can be used in multiplexing
CSMA/CD
Carrier Sense Multiple Access/Collision Detection
Unicast
Broadcast for a single device
Multicast
Broadcast for a specific group or multiple devices
Broadcast
Message for everyone to receive and process
Hub
Broadcasts packets to every single port
Switch
Broadcasts packets to device found on a singular port
Content Addressable Memory (CAM)
Is a table that contains the MAC address and port associated to that MAC Address
Virtual LAN (VLAN)
Splitting a switch in which certain ports can only talk to certain ports (Segment networks within a switch)
Multiprotocol Label Switching (MPLS)
A different way of switching packets that can be used on a dedicated line
802.1x
Network Access Control that is a layer 2 authentication (Credentialed Question of 2FA)
A security appliance should be set in place when
There is a change in trust level in the network
Protocol
is an agreement or rules of engagement for how computer networks communicate
OSI Protocol Stack (7)
Layer 7) Application
Layer 6) Presentation
Layer 5) Session
Layer 4) Transport
Layer 3) Network
Layer 2) Data Link
Layer 1) Physical
Application Layer 7 OSI Stack
Browsers, FTP, HTTP, SCP
Presentation Layer 6 OSI Stack
Makes data presentable to the application or user (ASCII)
Session Layer 5 OSI Stack
Handles the establishment/maintenance of connections between systems
Transport Layer 4 OSI Stack
Determines the application the packet should be sent to through port numbers (Web on 80, 443)
Network Layer 3 OSI Stack
Moving packets from one network to another network; uses logical addressing instead of physical addressing
Data Link Layer 2 OSI Stack
Takes a packet and frames it suitable for transmission
Physical Layer 1 OSI Stack
Network cable, electromagnetic radiation
TCP/IP Protocol Stack (4)
Layer 4) Application
Layer 3) Transport (TCP/UDP)
Layer 2) Internet (IP)
Layer 1) Network
Network Address in: 10.1.2.0/24 Subnet
10.1.2.0
Broadcast Address in: 10.1.2.0/24 Subnet
10.1.2.255
Class A CIDR Addressing (Mask, IP Range)
N.H.H.H, 255.0.0.0 - 1-127
10.0.0.0/8
16.7 million IPs
Class B CIDR Addressing (Mask, IP Range)
N.N.H.H, 255.255.0.0 - 128-191
172.16.0.0/16
65,536 IPs
Class C CIDR Addressing (Mask, IP Range)
N.N.N.H, 255.255.255.0 - 192-223
192.168.1.0/24
256 IPs
Address that broadcasts to current network
255.255.255.255
ARP (Address Resolution Protocol)
Required to go from Layer 2 to 3; broadcasts to a network querying for an IP address and, once found, sends it back to the requesting MAC
DNS (Domain Name System)
Name to an IP Address (TCP/UDP 53)
Layer 3 Network Protocols
ICMP (Ping and Traceroute)
Layer 4 Transport Protocols
TCP (Connection) and UDP (Connectionless)
3-Way Handshake (TCP)
A: SYN
B: SYN ACK
A: ACK
Closing a TCP Session
A: FIN
B: ACK
B: FIN
A: ACK
Sniffer
Program and/or device that monitors data traveling over a network
Bluetooth current encryption
AES, vulnerabilities in the Application layer
802.11b supports up to
11 Mbps at 2.4 GHz
802.11a supports up to
54 Mbps at 5 GHz
802.11g supports up to
22/54 Mbps at 2.4 GHz
802.11n supports up to
54-600 Mbps at 5 GHz
802.11ac supports up to
1300 Mbps at 5 GHz
802.11i
Authentication at Layer 2, provides strong encryption, replay protection and integrity protection - WPA2
Wireless Encryption Standards
WEP -> WPA -> WPA2
Defense-in-Depth
Multiple levels of protection deployed in an environment in order to further protect all layers of the OSI model and critical assets
Risk =
Threats * Vulnerabilities
Threat
Potential to do harm to a System
Vulnerability
Ability for the threat to cause harm to a system
CIA (Confidentiality)
Information is available only to those who need access to it
CIA (Integrity)
No unauthorized changes to the file
CIA (Availability)
Data is available when you need/want it