GIAC GPEN Free Practice Questions

NEW QUESTION 1

Which of the following tools is NOT used for wireless sniffing?

• A. AirMagnet
• B. Sniffer Wireless
• C. AiroPeek
• D. MiniStumbler

Answer: D

NEW QUESTION 2

Which of the following tools automates password guessing in the NetBIOS session?

• A. L0phtCrack
• B. John the Ripper
• C. Legion
• D. NTInfoScan

Answer: C

NEW QUESTION 3

Which of the following tools can be used to perform Windows password cracking, Windows
enumeration, and VoIP session sniffing?

• A. Cain
• B. L0phtcrack
• C. Pass-the-hash toolkit
• D. John the Ripper

Answer: A

NEW QUESTION 4

You have gained shell on a Windows host and want to find other machines to pivot to, but the rules of engagement state that you can only use tools that are already available. How could you find other machines on the target network?

• A. Use the "ping" utility to automatically discover other hosts
• B. Use the "ping" utility in a for loop to sweep the networ
• C. Use the "edit" utility to read the target's HOSTS fil
• D. Use the "net share" utility to see who is connected to local shared drive

Answer: B

Explanation:
Reference:
http://www.slashroot.in/what-ping-sweep-and-how-do-ping-sweep

NEW QUESTION 5

Which of the following options holds the strongest password?

• A. Joe12is23good
• B. $#164aviD^%
• C. california
• D. Admin1234

Answer: B

NEW QUESTION 6

When a DNS server transfers its zone file to a remote system, what port does it typically use?

• A. 53/TCP
• B. 153/UDP
• C. 35/TCP
• D. 53/UDP

Answer: D

Explanation:
Reference:
http://www.networkworld.com/article/2231682/cisco-subnet/cisco-subnet-allow-both-tcp-and-udp-port-53-to-your-dns-servers.html

NEW QUESTION 7

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com network. Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability?
Each correct answer represents a complete solution. Choose two.

• A. Close port TCP 53.
• B. Change the default community string name
• C. Upgrade SNMP Version 1 with the latest versio
• D. Install antiviru

Answer: BC

NEW QUESTION 8

You are a Web Administrator of Millennium Inc. The company has hosted its Web site within its network. The management wants the company's vendors to be able to connect to the corporate site from their locations through the Internet. As a public network is involved in this process, you are concerned about the security of data transmitted between the vendors and the corporate site.
Which of the following can help you?

• A. EAP
• B. WEP
• C. Smart card
• D. VPN

Answer: D

NEW QUESTION 9

LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to the Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password seven characters or less, the second half of the LM hash is always
__________.

• A. 0xBBD3B435B51504FF
• B. 0xAAD3B435B51404FF
• C. 0xBBC3C435C51504EF
• D. 0xAAD3B435B51404EE

Answer: D

NEW QUESTION 10

__________ firewall architecture uses two NICs with a screening router inserted between the host and the untrusted network.

• A. packet filtering
• B. Screened host
• C. Dual homed host
• D. Screened subnet

Answer: B

NEW QUESTION 11

Analyze the screenshot below, which of the following sets of results will be retrieved using this search?

• A. Pages from the domain sans.edu that have external link
• B. Files of type .php from the domain sans.ed
• C. Pages that contain the term ext:php and slte.sans.ed
• D. Files of type .php that redirect to the sans.edu domai

Answer: A

NEW QUESTION 12

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while others do not An example of this is shown in the picture below Which of the following best describes why tins is happening?

• A. Netcat cannot properly interpret certain control characters or Unicode sequence
• B. The listener executed command.com instead of cmd.ex
• C. Another application is already running on the port Netcat is listening o
• D. TheNetcat listener is running with system level privilege

Answer: D

NEW QUESTION 13

Which of the following is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards and also detects wireless networks marking their relative position with a GPS?

• A. Kismet
• B. NetStumbler
• C. Ettercap
• D. Tcpdump

Answer: B

NEW QUESTION 14

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the preattack phase to check the security of the We-are-secure network:
l Gathering information
l Determining the network range
l Identifying active systems
Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

• A. APNIC
• B. SuperScan
• C. RIPE
• D. ARIN

Answer: B

NEW QUESTION 15

Which of the following methods will free up bandwidth in a Wireless LAN (WLAN)?

• A. Implement WE
• B. Disabling SSID broadcas
• C. Change hub with switc
• D. Deploying a powerful antenn

Answer: B

NEW QUESTION 16

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com Website. The we-are-secure.com Web server is using Linux operating system. When you port scanned the we-are-secure.com Web server, you got that TCP port 23, 25, and 53 are open. When you tried to telnet to port 23, you got a blank screen in response. When you tried to type the dir, copy, date, del, etc. commands you got only blank spaces or underscores symbols on the screen. What may be the reason of such unwanted situation?

• A. The we-are-secure.com server is using honeypo
• B. The we-are-secure.com server is using a TCP wrappe
• C. The telnet service of we-are-secure.com has corrupte
• D. The telnet session is being affected by the stateful inspection firewal

Answer: B

NEW QUESTION 17

Which of the following is a WEP weakness that makes it easy to Inject arbitrary clear text packets onto a WEP network?

• A. Reversible hashes use for IVs
• B. Cryptographically weak CRC32 checksum
• C. RC4 algorithm
• D. Small key space

Answer: D

NEW QUESTION 18

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the preattack phase successfully:
Information gathering
Determination of network range
Identification of active systems
Location of open ports and applications
Now, which of the following tasks should he perform next?

• A. Perform OS fingerprinting on the We-are-secure networ
• B. Map the network of We-are-secure In
• C. Fingerprint the services running on the we-are-secure networ
• D. Install a backdoor to log in remotely on the We-are-secure serve

Answer: A

NEW QUESTION 19

You are pen testing a system and want to use Metasploit 3.X to open a listening port on the system so you can access it via a netcat shell. Which stager would you use to have the system listen on TCP port 50000?

• A. Reverse.tcp
• B. Bind.tcp
• C. Fincltag.ord
• D. Passivex

Answer: B

NEW QUESTION 20
......