GPEN Premium Bundle

GIAC Certified Penetration Tester Certification Exam

Rating: 4.5 (57045 ratings)
385 questions (practice tests and PDF print version)
Last update: September 29, 2024

GIAC GPEN Free Practice Questions

Passleader offers a free demo for the GPEN exam. "GIAC Certified Penetration Tester", also known as the GPEN exam, is a GIAC certification. This set of posts, Passing the GIAC GPEN exam, will help you answer those questions. The GPEN Questions & Answers cover all the knowledge points of the real exam. 100% real GIAC GPEN exams, revised by experts!

GIAC GPEN Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1

During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?

  • A. This information can be entered under the 'Hydra' tab to launch a brute-force password attack
  • B. There isn't an advantage as Nessus will ultimately discover this information
  • C. The 'SSH' box can be checked to let Nessus know the remote system is running
  • D. This information can be entered under the 'credentials' tab to allow Nessus to log into the system

Answer: C

NEW QUESTION 2

You are performing a wireless penetration test and are currently looking for rogue access points in one of the client's large facilities. You need to select an antenna that you can set up in a building and use to monitor the area for several days to see if any access points are turned on during the test. What type of antenna will you select for this task?

  • A. High gain and Omni-Directional
  • B. High gain and Directional
  • C. Low gain and Omni-Directional
  • D. Low gain and Directional

Answer: B

NEW QUESTION 3

In which layer of the OSI model does a sniffer operate?

  • A. Network layer
  • B. Session layer
  • C. Presentation layer
  • D. Data link layer

Answer: D

NEW QUESTION 4

Analyze the command output below. What information can the tester infer directly from the information shown?
[Exhibit: command output (image not available)]

  • A. The administrator account has no password
  • B. Null sessions are enabled on the target
  • C. The target host is running Linux with Samba services
  • D. Account lockouts must be reset by the Administrator

Answer: C

NEW QUESTION 5

You work as a Web developer at IBM Inc. Your area of proficiency is PHP. Since you have proper knowledge of security, you want to guard against the rainbow attack. To mitigate this attack, you design the PHP code based on the following algorithm:
key = hash(password + salt)
for 1 to 65000 do
    key = hash(key + salt)
Which of the following techniques are you implementing in the above algorithm?

  • A. Key strengthening
  • B. Hashing
  • C. Sniffing
  • D. Salting

Answer: A

NEW QUESTION 6
168.1 200, which of the following would you see?

  • A. Ping-n 1 192.168.1 200 on the compromised system
  • B. A 'Destination host unreachable' error message on the compromised system
  • C. A packet containing 'Packets: Sent - 1 Received = 1, Loss = 0 (0% loss)' on your sniffer
  • D. An ICMP Echo packet on your sniffer containing the source address of the target

Answer: A

NEW QUESTION 7

What happens when you scan a broadcast IP address of a network?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It will show an error in the scanning process
  • B. Scanning of the broadcast IP address cannot be performed
  • C. It may show smurf DoS attack in the network IDS of the victim
  • D. It leads to scanning of all the IP addresses on that subnet at the same time

Answer: CD

NEW QUESTION 8

You have been contracted to map the network and try to compromise the servers for a client. Which of the following would be an example of 'scope creep' with respect to this penetration testing project?

  • A. Disclosing information forbidden in the NDA
  • B. Compromising a server then escalating privileges
  • C. Being asked to compromise workstations
  • D. Scanning network systems slowly so you are not detected

Answer: B

NEW QUESTION 9

Which of the following TCSEC classes defines verified protection?

  • A. Class B
  • B. Class D
  • C. Class A
  • D. Class C

Answer: C

NEW QUESTION 10

What is the MOST important document to obtain before beginning any penetration testing?

  • A. Project plan
  • B. Exceptions document
  • C. Project contact list
  • D. A written statement of permission

Answer: A

Explanation:
Before starting a penetration test, all targets must be identified. These targets should be obtained from the customer during the initial questionnaire phase. The customer can give targets in the form of specific IP addresses, network ranges, or domain names. In some instances, the only target the customer provides is the name of the organization, and the customer expects the testers to be able to identify the rest on their own. It is important to define whether systems such as firewalls, IDS/IPS, or networking equipment that sit between the tester and the final target are also part of the scope. Additional elements, such as upstream providers and other third-party providers, should be identified, and whether they are in scope should be defined.

NEW QUESTION 11

Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable information regarding the operating system and applications running on the systems?

  • A. Post-attack phase
  • B. Attack phase
  • C. Pre-attack phase
  • D. On-attack phase

Answer: C

NEW QUESTION 12

The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following is supported by the LEAP protocol?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Public key certificate for server authentication
  • B. Password hash for client authentication
  • C. Strongest security level
  • D. Dynamic key encryption

Answer: BD

NEW QUESTION 13

Which of the following are the drawbacks of the NTLM Web authentication scheme?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It can be brute forced easily
  • B. It works only with Microsoft Internet Explorer
  • C. The password is sent in clear text format to the Web server
  • D. The password is sent in hashed format to the Web server

Answer: AB

NEW QUESTION 14


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 15

Which of the following wireless security standards supported by Windows Vista provides the highest level of security?

  • A. WPA2
  • B. WPA-PSK
  • C. WEP
  • D. WPA-EAP

Answer: A

NEW QUESTION 16

Which of the following types of Penetration testing provides the testers with complete knowledge of the infrastructure to be tested?

  • A. White Box
  • B. Black Box
  • C. Grey Box
  • D. Water Fall

Answer: A

NEW QUESTION 17

Which of the following is the second half of the LAN Manager hash?

  • A. 0xAAD3B435B51404BB
  • B. 0xAAD3B435B51404CC
  • C. 0xAAD3B435B51404EE
  • D. 0xAAD3B435B51404AA

Answer: C

NEW QUESTION 18

Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration.
The tool uses raw IP packets to determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?

  • A. Nmap
  • B. Kismet
  • C. Sniffer
  • D. Nessus

Answer: A

NEW QUESTION 19

Which of the following United States laws protects stored electronic information?

  • A. Title 18, Section 1029
  • B. Title 18, Section 1362
  • C. Title 18, Section 2701
  • D. Title 18, Section 2510

Answer: D

NEW QUESTION 20
......
