The Avant-garde Guide To GPEN Free Practice Questions

Proper study guides for the up-to-date GIAC Certified Penetration Tester (GPEN) certification begin with GIAC GPEN preparation products, which are designed to deliver the exact GPEN questions so that you pass the GPEN test on your first attempt. Try the free GPEN demo right now.

Free GPEN Demo Online For GIAC Certification:

NEW QUESTION 1

Which of the following techniques are NOT used to perform active OS fingerprinting?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Analyzing email headers
  • B. Sniffing and analyzing packets
  • C. ICMP error message quoting
  • D. Sending FIN packets to open ports on the remote system

Answer: AB

NEW QUESTION 2

You are conducting a penetration test for a private company located in Canada. The scope extends to all internal-facing hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under Criminal Code of Canada Sections 184 and 542 CC 184?

  • A. Analyzing internal firewall router software for vulnerabilities
  • B. Exploiting application vulnerabilities on end-user workstations
  • C. Attempting to crack passwords on a development server
  • D. Capturing a VoIP call to a third party without prior notice

Answer: D

NEW QUESTION 3

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.
The output of the scanning test is as follows:

    C:\whisker.pl -h target_IP_address
    -- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
    = Host: target_IP_address
    = Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
    mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
    + 200 OK: HEAD /cgi-bin/printenv

John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) on the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker
  • B. The countermeasure to 'printenv' vulnerability is to remove the CGI script
  • C. This vulnerability helps in a cross site scripting attack
  • D. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts

Answer: BCD

NEW QUESTION 4

A tester has been contracted to perform a penetration test for a corporate client. The scope of the test is limited to end-user workstations and client programs only. Which of the following actions is allowed in this test?

  • A. Attempting to redirect the internal gateway through ARP poisoning
  • B. Activating bot clients and performing a denial-of-service against the gateway
  • C. Sniffing and attempting to crack the Domain Administrator's password hash
  • D. Sending a malicious PDF to a user and exploiting a vulnerable Reader version

Answer: B

NEW QUESTION 5

GSM uses either the A5/1 or the A5/2 stream cipher to ensure over-the-air voice privacy. Which of the following cryptographic attacks can be used to break both ciphers?

  • A. Man-in-the-middle attack
  • B. Ciphertext only attack
  • C. Known plaintext attack
  • D. Replay attack

Answer: B

NEW QUESTION 6

How many bits long is the output of SHA-1?

  • A. 128
  • B. 140
  • C. 512
  • D. 160

Answer: D

NEW QUESTION 7

Which of the following ports is used for NetBIOS null sessions?

  • A. 130
  • B. 139
  • C. 143
  • D. 131

Answer: B

NEW QUESTION 8

A penetration tester used a client-side browser exploit from Metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation, which failed. Which of the following could resolve the problem?

  • A. Load priv module and try getsystem again
  • B. Run getuid command, then getpriv command, and try getsystem again
  • C. Run getuid command and try getsystem again
  • D. Use getprivs command instead of getsystem

Answer: B

NEW QUESTION 9

Which of the following best describes a client-side exploit?

  • A. Attack of a client application that retrieves content from the network
  • B. Attack that escalates user privileges to root or administrator
  • C. Attack of a service listening on a client system
  • D. Attack on the physical machine

Answer: C

NEW QUESTION 10

What happens when you scan a broadcast IP address of a network?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It leads to scanning of all the IP addresses on that subnet at the same time
  • B. It will show an error in the scanning process
  • C. It may show a smurf DoS attack in the network IDS of the victim
  • D. Scanning of the broadcast IP address cannot be performed

Answer: AC

NEW QUESTION 11

When attempting to crack a password using Rainbow Tables, what is the output of the reduction function?

  • A. A new potential chain
  • B. A new potential table
  • C. A new potential password
  • D. A new potential hash

Answer: D

Explanation:
Reference: http://en.wikipedia.org/wiki/Rainbow_table

NEW QUESTION 12

Which of the following is NOT an example of passive footprinting?

  • A. Scanning ports
  • B. Analyzing job requirements
  • C. Querying the search engine
  • D. Performing the whois query

Answer: A

NEW QUESTION 13

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and the applications running on the We-are-secure server. For this purpose, he wants the scan to appear to originate from the IP address of a third party. Which of the following scanning techniques will John use to accomplish his task?

  • A. UDP
  • B. TCP SYN/ACK
  • C. IDLE
  • D. RPC

Answer: C

NEW QUESTION 14

You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet sessions. You have also located an active session, thanks to the high level of traffic on the network. What should you do next?

  • A. Use a sniffer to listen to network traffic
  • B. Guess the sequence numbers
  • C. Use Brutus to crack the Telnet password
  • D. Use macof to change the MAC address

Answer: B

NEW QUESTION 15

Which of the following tools is used for SNMP enumeration?

  • A. SARA
  • B. Userinfo
  • C. Getif
  • D. Enum

Answer: C

NEW QUESTION 16

Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration.
The tool uses raw IP packets to determine the following:

  • What ports are open on our network systems.
  • What hosts are available on the network.
  • Identify unauthorized wireless access points.
  • What services (application name and version) those hosts are offering.
  • What operating systems (and OS versions) they are running.
  • What type of packet filters/firewalls are in use.

Which of the following tools is Victor using?

  • A. Nmap
  • B. Kismet
  • C. Sniffer
  • D. Nessus

Answer: A

NEW QUESTION 17

If a password is seven characters or less, the second half of the LM hash is always ___________________.

  • A. 0xAAD3B4EE
  • B. 0xAAD3B4FF
  • C. 0xAAD3B435B51404FF
  • D. 0xAAD3B435B51404EE

Answer: D

NEW QUESTION 18

When DNS is being used for load balancing, why would a penetration tester choose to identify a scan target by its IP address rather than its host name?

  • A. A single IP may have multiple domains
  • B. A single domain name can only have one IP address
  • C. Scanning tools only recognize IP addresses
  • D. A single domain name may have multiple IP addresses

Answer: C

Explanation:
Reference: http://www.flashcardmachine.com/sec-midterm.html

NEW QUESTION 19
......

Recommended! Get the full GPEN dumps in VCE and PDF from Dumps-hub.com. Welcome to download: https://www.dumps-hub.com/GPEN-dumps.html (New 385 Q&As Version)