Hacker Tools Techniques Exploits and Incident Handling

Here you have the best SANS SEC504 practice exam questions

You have 328 total questions across 66 pages (5 per page)
These questions were last updated on February 3, 2026
This site is not affiliated with or endorsed by SANS.

Question 1 of 328

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

A.

Preparation phase

B.

Eradication phase

C.

Identification phase

D.

Recovery phase

E.

Containment phase

Suggested Answer: A

Community votes

No votes yet

Question 2 of 328

Which of the following statements are true about netcat?
Each correct answer represents a complete solution. Choose all that apply.

A.

It provides special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters.

B.

It can be used as a file transfer solution.

C.

It provides outbound and inbound connections for TCP and UDP ports.

D.

The nc -z command can be used to redirect stdin/stdout from a program.

Suggested Answer: A, B, C

Community votes

No votes yet

Question 3 of 328

Which of the following is a reason to implement security logging on a DNS server?

A.

For preventing malware attacks on a DNS server

B.

For measuring a DNS server's performance

C.

For monitoring unauthorized zone transfer

D.

For recording the number of queries resolved

Suggested Answer: C

Community votes

No votes yet

Question 4 of 328

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

A.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

B.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

C.

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

D.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Suggested Answer: B

Community votes

No votes yet

Question 5 of 328

You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities. Which of the following vulnerabilities can be fixed using
Nessus?
Each correct answer represents a complete solution. Choose all that apply.

A.

Misconfiguration (e.g. open mail relay, missing patches, etc.)

B.

Vulnerabilities that allow a remote cracker to control sensitive data on a system

C.

Vulnerabilities that allow a remote cracker to access sensitive data on a system

D.

Vulnerabilities that help in Code injection attacks

Suggested Answer: A, B, C

Community votes

No votes yet

About the SANS SEC504 Certification Exam

About the Exam

The SANS SEC504 (Hacker Tools Techniques Exploits and Incident Handling) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 328 practice questions across 66 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our SEC504 questions are regularly updated to reflect the latest exam objectives.