Sans 401: Data Security Technologies exam questions, Exams of Advanced Education

Typology: Exams

2025/2026

Available from 05/11/2026

tizian-mwangi
1 / 18


  1. Rotation substitution: The following example shows which kind of cipher operation? CAT becomes PNG; PNG becomes CAT. (Book 4 Page 18)
     - Permutation
     - XOR operation
     - Rotation substitution
     - One-way operation
  2. ECC: Which of the following cryptographic algorithms is best suited for an application that requires high security and high speed despite very limited space and power resources (such as with a smart card)? (Book 4 Page 74)
     - RSA
     - IDEA
     - 3DES
     - ECC
  3. Confirm the cryptographic hashes cannot be modified: After storing the cryptographic hashes of critical files in a secure location, what is the next step in the process of file integrity checking? (Book 4 Page 202)
     - Alert on new files within critical directories.
     - At set intervals, rerun cryptographic hashes on the specified files.
     - Confirm that cryptographic hashes cannot be modified.
     - Compare new hashes against the original.

2 / 18

  1. GPG: Which of the following provides secure e-mail abilities such as digitally signed email and encrypted email? (Book 4 Page 104)
     - EFS
     - Veracrypt
     - GPG
     - BitLocker
  2. It requires monitoring and maintenance: Which of the following is true of IDS? (Book 4 Page 149)
     - It requires monitoring and maintenance.
     - It protects from an attack.
     - It replaces firewalls.
     - It does not need trained analysts.
  3. False positive: What is the correct classification when an IDS triggers malicious activity alerts that are determined to be benign/normal activity? (Book 4 Page 150)
     - True negative
     - False positive
     - True positive
     - False negative
  4. ECC and SHA1: Which of the following ciphers would provide for nonrepudiation of an e-mail that you compose and are about to send? (Book 4 Page 13)
     - Diffie-Hellman and AES-256
     - ECC and SHA

4 / 18

- Application proxy gateway
- Stateless packet filter
- Stateful application gateway
- Stateful packet filter

  1. It is fairly easy to detect the use of cryptography but difficult to detect the use of steganography: Which of the following is true with respect to cryptography and steganography? (Book 4 Page 40)
     - It is difficult to detect the use of either cryptography or steganography.
     - It is fairly easy to detect the use of cryptography but difficult to detect the use of steganography.
     - It is fairly easy to detect the use of steganography but difficult to detect the use of cryptography.
     - It is fairly easy to detect the use of both cryptography and steganography.
  2. VPN: What is a cheaper, more flexible alternative to a private circuit connection that assures confidentiality in transit over a public, untrusted network? (Book 4 Page 88)
     - WEP
     - VPN
     - WPA2
     - Trunking
  3. Non-repudiation: A combination of asymmetric and hashing algorithms is used to meet the requirements of which of the following fundamental goals of cryptography? (Book 4 Page
     - Confidentiality
     - Authentication
     - Non-repudiation
     - Authorization

5 / 18

  1. The fact that you use full disk encryption on all drives: Which of the following reduces the risk of information exposure to a third party on a properly shut down mobile device that was forgotten on a train? (Book 4 Page
     - The fact that you disabled the guest account.
     - The fact that you use full disk encryption on all drives.
     - The fact that you are required to use an IPsec VPN.
     - The fact that your files have been digitally signed.
  2. It cannot be fooled with an ACK scan: Which of the following is true regarding a stateful firewall? (Book 4 Page 144)
     - It cannot be fooled with an ACK scan.
     - It inspects the application data to allow or deny network traffic.
     - It is generally slower than an application layer firewall.
     - It allows the unidirectional flow of information out of a secure network.
  3. Meet-in-the-middle attack: Double DES is susceptible to which of the following attacks? (Book 4 Page 66)
     - Elliptic curve sniffing attack
     - Integrity broker weakness attack
     - Authentication bypass attack
     - Meet-in-the-middle attack
  4. The HIDS produces a one-way hash of the file, saves it in a database, and regularly compares the stored hash to the file's current hash value: How does an HIDS verify the integrity of a file to ensure it was not modified? (Book 4 Page 201)
     - The HIDS produces a one-way hash of the file, saves it in a database, and regularly compares the stored

7 / 18

- DES
- AES
- IDEA
- Blowfish

  1. Injection: In steganography, one creative way to hide comments inside an actual GIF is to use what kind of method? (Book 4 Page
     - Injection
     - Substitution
     - LSB
     - Redundant Pattern Encoding
  2. TCP traffic to destination port 80 from source TCP port 80: Which of the following scenarios would cause a protocol analysis IDS to generate an alert? (Book 4 Page
     - TCP port 53 traffic between a user workstation and your DNS server
     - TCP acknowledgement number 30452 after sequence 30451 is transmitted.
     - TCP traffic to destination port 80 from source TCP port 80
     - A TTL value of 126 in an IP packet that follows a previous packet with a TTL value of 127

  1. PKI: Which of the following is a system of functionality for the creation, maintenance, and revocation of certificates? (Book 4 Page 109)
     - PKI
     - KPI
     - PMI
     - PGP
  2. Anti-spoofing: What control prevents network addressing defined behind an interface from sourcing to another interface? (Book 4 Page 141)
     - Source manipulation prevention
     - Trusted address routing
     - Network whitelisting
     - Anti-spoofing

8 / 18

  1. XOR: Widely used in cryptography, what is the name of the Boolean function where the output is TRUE (1) if the inputs are different, and the output is FALSE (0) if the inputs are the same? (Book 4 Page 17)
     - XOR
     - NOR
     - XNOR
     - NAND
  2. Network intrusion detection system: What network security device can alert on a potential attack, but not take any corrective actions to stop it? (Book 4 Page 134)
     - Network Intrusion Prevention System
     - Layer 7 Firewall
     - Network intrusion detection system
     - Next-gen unified threat management device
  3. Encryption: When considering cryptography, which of the following describes the transformation of plain-text into cipher-text? (Book 4 Page 8)
     - Encryption
     - Encapsulation
     - Decryption
     - Cryptanalysis
  4. Firewall: What device acts as a router with a filtering ruleset that protects systems from

10 / 18

- Passive analysis
- Inclusive analysis
- Active analysis
- Anomaly analysis

  1. Anomaly analysis: What type of IDS analysis requires an understanding of normal activity, flags unexpected conditions as suspicious, and can catch zero-day exploits? (Book 4 Page 156)
     - Application analysis
     - Signature analysis
     - Protocol analysis
     - Anomaly analysis
  2. Hash: Which of the following cryptosystems implements one-way transformations? (Book 4 Page 24)
     - Hash
     - Dissymmetric
     - Symmetric
     - Asymmetric
  3. Control the damage: While prevention is always ideal, breaches are going to occur. What is the ultimate goal of endpoint security? (Book 4 Page 190)
     - Control the access.
     - Monitor the services.
     - Control the damage.
     - Track the assets.
  4. Create an image of normal activity and behaviors during different times: How do you establish a baseline? (Book 4 Page 193)
     - Create an image of normal activity and behaviors during minimal traffic times.
     - Create an image of normal activity and behaviors during different times.
     - Create an image of normal activity and behaviors during peak traffic times.
     - Create an image of host activity with all network services blocked.

11 / 18

  1. OCSP: Which protocol can be used to determine whether a certificate is valid by providing the certificate's serial number? (Book 4 Page 118)
     - OCSP
     - CRL
     - OCVP
     - CVP
  2. Host-based intrusion detection software installed on the SFTP server: A file containing sensitive data is stored on an SFTP server and available for download by trusted individuals. Permissions are configured on the file to prevent users from modifying its contents. Which of the following solutions is most likely to alert administrators first if the integrity of the file is breached? (Book 4 Page 207)
     - Network-based intrusion detection system placed in user workstation VLANs
     - Host-based intrusion detection software installed on the trusted users' workstations
     - Network-based intrusion detection system placed in the SFTP server's VLAN

13 / 18

  1. AES: Which of the following algorithms was chosen by NIST in 2001 as the official replacement for DES? (Book 4 Page 68)
     - RSA
     - AES
     - 3DES
     - IDEA
  2. A one to two second delay compared to a private network: Which of the following is considered a drawback of using VPN technology? (Book 4 Page 90)
     - Connect easily and cheaply to the Internet
     - Create two internet connection points
     - A one to two second delay compared to a private network
     - Encrypt traffic over the internet
  3. Confidentiality: Which of the following is provided by Encapsulating Security Payload (ESP) but not by Authentication Header (AH) IPsec protocols? (Book 4 Page 94)
     - Quality of service
     - Origin authentication
     - Data integrity
     - Confidentiality
  4. After storing the cryptographic hashes of critical files in a secure location, what is the next step in the process of file integrity checking? (Book 4 Page
     - Confirm that cryptographic hashes cannot be modified.
     - At set intervals, rerun cryptographic hashes on the specified files.
     - Alert on new files within critical directories.
     - Compare new hashes against the original.

14 / 18

  1. Creating a picture of how a system normally looks and behaves: What is the purpose of a baseline? (Book 4 Page 192)
     - Creating a picture of how a system normally looks and behaves
     - Quickly identifying unapproved scans from external networks

16 / 18

between the original IP header and the encrypted data. The original header is used for routing to the destination

17 / 18

- The original IP header is unencrypted, while the data are encrypted; a new IPsec trailer is appended after the encrypted data. A new IP header is created for routing to the destination.
- The original IP header and data are encrypted; a new IPsec header is prepended. The original encrypted IP header is used for routing to the destination

  1. El Gamal: Which of the following is a cipher built upon the intractability of the discrete logarithm problem over finite fields? (Book 4 Page 60)
     - DES
     - El Gamal
     - RSA
     - ECDSA
  2. Symmetric: Which of the following crypto methods requires a single key to both encrypt and decrypt? (Book 4 Page 25)
     - Symmetric encryption
     - Hashing
     - Asymmetric encryption
     - Digital signatures
  3. Exclusive analysis: Which of the following describes the method of alerting that uses a list of events that can be ignored and raises an alert for events not on the list? (Book 4 Page 203)
     - Keyword analysis
     - Inclusive analysis
     - Hybrid analysis
     - Exclusive