SEC504 SANS Hacker Tools, Techniques, Exploits and Incident Handling Free Practice Exam Questions (2025 Updated)
Prepare effectively for your SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.
Which of the following commands can be used for port scanning?
You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?
Which of the following tools can be used to detect the steganography?
You run the following command while using Nikto Web scanner:
perl nikto.pl -h 192.168.0.1 -p 443
What action do you want to perform?
Which of the following methods can be used to detect session hijacking attack?
Which of the following takes control of a session between a server and a client using TELNET, FTP, or any other non-encrypted TCP/IP utility?
Fill in the blank with the appropriate term.
_______is the practice of monitoring and potentially restricting the flow of information outbound from one network to another
Adam has installed and configured his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Adam notices that when he uses his wireless connection, the speed is sometimes 16 Mbps and sometimes it is only 8 Mbps or less. Adam connects to the management utility wireless router and finds out that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
Which of the following attacks has been occurred on the wireless network of Adam?
Which of the following statements are true about netcat?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following types of attacks is only intended to make a computer resource unavailable to its users?
Which of the following statements about a Trojan horse are true?
Each correct answer represents a complete solution. Choose two.
Which of the following is a reason to implement security logging on a DNS server?
Which of the following statements are true about firewalking?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are types of access control attacks?
Each correct answer represents a complete solution. Choose all that apply.
Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
Adam, a malicious hacker is running a scan. Statistics of the scan is as follows:
Scan directed at open port: ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23192.5.2.92:4079 <</b>----NO RESPONSE---
---192.5.2.110:23
Scan directed at closed port:
ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23
192.5.2.92:4079<</b>-----RST/ACK----------192.5.2.110:23
Which of the following types of port scan is Adam running?
Who are the primary victims of smurf attacks on the contemporary Internet system?
Which of the following statements about Denial-of-Service (DoS) attack are true?
Each correct answer represents a complete solution. Choose three.
Your network is being flooded by ICMP packets. When you trace them down they come from multiple different IP addresses. What kind of attack is this?
