Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free SANS SEC504 Practice Exam with Questions & Answers | Set: 9

Questions 81

Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?

Options:
A.

Scanning

B.

Preparation

C.

gaining access

D.

Reconnaissance

SANS SEC504 Premium Access
Questions 82

Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?

Options:
A.

Traceport

B.

Tracefire

C.

Tracegate

D.

Traceroute

Questions 83

Which of the following incident response team members ensures that the policies of the organization are enforced during the incident response?

Options:
A.

Information Security representative

B.

Legal representative

C.

Human Resource

D.

Technical representative

Questions 84

The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.?

Options:
A.

Providing secure communications between the overseas office and the headquarters.

B.

Implementing Certificate services on Texas office.

C.

Protecting employee data on portable computers.

D.

Providing two-factor authentication.

E.

Ensuring secure authentication.

F.

Preventing unauthorized network access.

G.

Providing secure communications between Washington and the headquarters office.

Questions 85

Maria works as a professional Ethical Hacker. She has been assigned the project of testing the security of www.gentech.com. She is using dumpster diving to gather information about Gentech Inc.

In which of the following steps of malicious hacking does dumpster diving come under?

Options:
A.

Multi-factor authentication

B.

Role-based access control

C.

Mutual authentication

D.

Reconnaissance

Questions 86

Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denialof-service, or unauthorized changes to system hardware, software, or data?

Options:
A.

Disaster Recovery Plan

B.

Cyber Incident Response Plan

C.

Crisis Communication Plan

D.

Occupant Emergency Plan

Questions 87

You run the following PHP script:

<?php $name = mysql_real_escape_string($_POST["name"]);

$password = mysql_real_escape_string($_POST["password"]); ?>

What is the use of the mysql_real_escape_string() function in the above script.

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

It can be used to mitigate a cross site scripting attack.

B.

It can be used as a countermeasure against a SQL injection attack.

C.

It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".

D.

It escapes all special characters from strings $_POST["name"] and $_POST["password"].

Questions 88

US Garments wants all encrypted data communication between corporate office and remote location.

They want to achieve following results:

l Authentication of users

l Anti-replay

l Anti-spoofing

l IP packet encryption

They implemented IPSec using Authentication Headers (AHs). Which results does this solution provide?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A.

Anti-replay

B.

IP packet encryption

C.

Authentication of users

D.

Anti-spoofing

Questions 89

Which of the following attacks allows an attacker to retrieve crucial information from a Web server's database?

Options:
A.

Database retrieval attack

B.

PHP injection attack

C.

SQL injection attack

D.

Server data attack

Questions 90

Which of the following statements are true regarding SYN flood attack?

Options:
A.

The attacker sends a succession of SYN requests to a target system.

B.

SYN flood is a form of Denial-of-Service (DoS) attack.

C.

The attacker sends thousands and thousands of ACK packets to the victim.

D.

SYN cookies provide protection against the SYN flood by eliminating the resources allocated on the target host.

Exam Code: SEC504
Certification Provider: SANS
Exam Name: Hacker Tools, Techniques, Exploits and Incident Handling
Last Update: Sep 12, 2025
Questions: 328
SANS Free Access
Get SANS Full Access

SANS Free Exams
SANS Free Exams
Elevate your SANS exam preparation with free access to high-quality resources at Examstrack.