GIAC GPEN Free Practice Questions

NEW QUESTION 1

The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following is supported by the LEAP protocol?
Each correct answer represents a complete solution. Choose all that apply.

• A. Strongest security level
• B. Dynamic key encryption
• C. Password hash for client authentication
• D. Public key certificate for server authentication

Answer: BC

NEW QUESTION 2

In which of the following attacks is a malicious packet rejected by an IDS, but accepted by the host system?

• A. Insertion
• B. Evasion
• C. Fragmentation overwrite
• D. Fragmentation overlap

Answer: B

NEW QUESTION 3

All of the following are advantages of using the Metasploitpriv module for dumping hashes from a local Windows machine EXCEPT:

• A. Doesn't require SMB or NetBIOS access to the target machine
• B. Can run inside of a process owned by any user
• C. Provides less evidence for forensics Investigators to recover
• D. LSASS related reboot problems aren't an Issue

Answer: B

Explanation:
Reference:
http://www.vita.virginia.gov/uploadedFiles/VITA_Main_Public/Security/Meetings/ISOAG/2012/2012_Jan_ISOAG.pdf

NEW QUESTION 4

Which of the following techniques are NOT used to perform active OS fingerprinting?
Each correct answer represents a complete solution. Choose all that apply.

• A. Analyzing email headers
• B. Sniffing and analyzing packets
• C. ICMP error message quoting
• D. Sending FIN packets to open ports on the remote system

Answer: AB

NEW QUESTION 5

Adam works as a professional Computer Hacking Forensic Investigator. He wants to investigate a suspicious email that is sent using a Microsoft Exchange server. Which of the following files will he review to accomplish the task?
Each correct answer represents a part of the solution. Choose all that apply.

• A. Checkpoint files
• B. cookie files
• C. Temporary files
• D. EDB and STM database files

Answer: ACD

NEW QUESTION 6

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

• A. History folder
• B. Temporary Internet Folder
• C. Cookies folder
• D. Download folder

Answer: ABC

NEW QUESTION 7

Which of the following security policies will you implement to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs?
Each correct answer represents a complete solution. Choose two.

• A. Using personal firewall software on your Lapto
• B. Using a protocol analyzer on your Laptop to monitor for risk
• C. Using portscanner like nmap in your networ
• D. Using an IPSec enabled VPN for remote connectivit

Answer: AD

NEW QUESTION 8

In which of the following attacks does the attacker overload the CAM table of the switch?

• A. Mac flooding
• B. Man-in-the-middle attack
• C. Monkey-in-the-middle attack
• D. ARP poisoning

Answer: A

NEW QUESTION 9

You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet session. You have also searched an active session due to the high level of traffic on the network. What should you do next?

• A. Use a sniffer to listen network traffi
• B. Guess the sequence number
• C. Use brutus to crack telnet passwor
• D. Use macoff to change MAC addres

Answer: B

NEW QUESTION 10

Identify the network activity shown below;

• A. A sweep of available hosts on the local subnet
• B. A flood of the local switch's CAM tabl
• C. An attempt to disassociate wireless client
• D. An attempt to impersonate the local gateway

Answer: D

NEW QUESTION 11

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.
The output of the scanning test is as follows:
C:whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

• A. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacke
• B. The countermeasure to 'printenv' vulnerability is to remove the CGI scrip
• C. This vulnerability helps in a cross site scripting attac
• D. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious script

Answer: BCD

NEW QUESTION 12

Which of the following tasks is NOT performed by antiviruses?

• A. Activity blocking
• B. Heuristic scanning
• C. Integrity scanning
• D. Session hijacking

Answer: D

NEW QUESTION 13

Which of the following statements about SSID is NOT true?

• A. Default settings of SSIDs are secur
• B. All wireless devices on a wireless network must have the same SSID in order to communicate with each othe
• C. It acts as a password for network acces
• D. It is used to identify a wireless networ

Answer: A

NEW QUESTION 14

Which of the following standards is used in wireless local area networks (WLANs)?

• A. IEEE 802.4
• B. IEEE 802.3
• C. IEEE 802.11b
• D. IEEE 802.5

Answer: C

NEW QUESTION 15

Which of the following is the frequency range to tune IEEE 802.11a network?

• A. 1.15-3.825 GHz
• B. 5.15-5.825 GHz
• C. 5.25-9.825 GHz
• D. 6.25-9.825 GHz

Answer: B

NEW QUESTION 16

How can a non-privileged user on a Unix system determine if shadow passwords are being used?

• A. Read /etc/password and look for "x" or “II” in the second colon-delimited field
• B. Read /etc/shadow and look for “x” or “II” in the second colon-delimited field
• C. Verify that /etc/password has been replaced with /etc/shadow
• D. Read /etc/shadow and look NULL values In the second comma delimited field

Answer: B

NEW QUESTION 17

Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that the explicit child pornography contents are stored in the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigations in more extensive and elaborate manner?

• A. MINIX 3
• B. Linux
• C. Windows XP
• D. Mac OS

Answer: D

NEW QUESTION 18

You have been contracted to perform a black box pen test against the Internet facing servers for a company. They want to know, with a high level of confidence, if their servers are vulnerable to external attacks. Your contract states that you can use all tools available to you to pen test the systems. What course of action would you use to generate a report with the lowest false positive rate?

• A. Use a port scanner to find open service ports and generate a report listing allvulnerabilities associated with those listening service
• B. Use a vulnerability or port scanner to find listening services and then try to exploitthose service
• C. Use a vulnerability scanner to generate a report of vulnerable service
• D. Log into the system and record the patch levels of each service then generate areport that lists known vulnerabilities for all the running service

Answer: B

NEW QUESTION 19

Which of the following tools uses exploits to break into remote operating systems?

• A. Nessus
• B. Metasploit framework
• C. Nmap
• D. John the Ripper

Answer: B

NEW QUESTION 20
......