GPEN Premium Bundle


GIAC Certified Penetration Tester Certification Exam

Last update: September 29, 2024

GIAC GPEN Free Practice Questions

Actualtests offers a free demo for the GPEN exam. "GIAC Certified Penetration Tester", also known as the GPEN exam, is a GIAC Certification. This set of posts, Passing the GIAC GPEN exam, will help you answer those questions. The GPEN Questions & Answers cover all the knowledge points of the real exam. 100% real GIAC GPEN exams, revised by experts!

Free online GPEN questions and answers, new version:

NEW QUESTION 1

Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

  • A. Internet layer
  • B. Application layer
  • C. Transport Layer
  • D. Link layer

Answer: D

NEW QUESTION 2

Which of the following are considered Bluetooth security violations?
Each correct answer represents a complete solution. Choose two.

  • A. Cross site scripting attack
  • B. SQL injection attack
  • C. Bluesnarfing
  • D. Bluebug attack
  • E. Social engineering

Answer: CD

NEW QUESTION 3

You work as a Network Administrator at Secure Inc. Your company is facing various network attacks due to its insecure wireless network. You are assigned the task of securing the wireless network. To do so, you have turned off broadcasting of the SSID. However, unauthorized users are still able to connect to the wireless network. Which of the following statements can be the reason for this issue?
Each correct answer represents a complete solution. Choose all that apply.

  • A. You have forgotten to turn off DHCP
  • B. You are using WPA2 security scheme
  • C. The SSID is still sent inside both client and AP packets
  • D. You are using the default SSID

Answer: ACD

NEW QUESTION 4

Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. TCP session hijacking is when a hacker takes over a TCP session between two machines
  • B. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system
  • C. Use of a long random number or string as the session key reduces session hijacking
  • D. It is used to slow the working of victim's network resources

Answer: ABC

NEW QUESTION 5

While performing a code audit, you discover a SQL injection vulnerability. Assuming the following vulnerable query, what user input could be injected to make the query true and return data?
select * from widgets where name = '[user-input]';

  • A. 'or 1=1
  • B. ‘or l=l…
  • C. 'or 1=1--
  • D. ‘or l=1’

Answer: D

NEW QUESTION 6

Which of the following techniques are NOT used to perform active OS fingerprinting?
Each correct answer represents a complete solution. Choose all that apply.

  • A. ICMP error message quoting
  • B. Analyzing email headers
  • C. Sniffing and analyzing packets
  • D. Sending FIN packets to open ports on the remote system

Answer: BC

NEW QUESTION 7

Which of the following is the most common method for an attacker to spoof email?

  • A. Back door
  • B. Replay attack
  • C. Man in the middle attack
  • D. Open relay

Answer: D

NEW QUESTION 8

A customer has asked for a scan for vulnerable SSH servers. What is the penetration tester attempting to accomplish using the following Nmap command?
[Exhibit: Nmap command]

  • A. Checking operating system version
  • B. Running an exploit against the target
  • C. Checking configuration
  • D. Checking protocol version

Answer: D

NEW QUESTION 9

You have compromised a Windows XP system and injected the Meterpreter payload into the lsass process. While looking over the system you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

  • A. Use the getuid command to determine the user context the process is running under, then use the imp command to impersonate that user
  • B. Use the getpid command to determine the user context the process is running under, then use the imp command to impersonate that user
  • C. Use the execute command to the passmgr executable. That will give you access to the file
  • D. Use the migrate command to jump to the passmgr process. That will give you access to the file

Answer: C

NEW QUESTION 10

Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

  • A. Application layer
  • B. Link layer
  • C. Internet layer
  • D. Transport Layer

Answer: B

NEW QUESTION 11

You want some of your Web pages not to be crawled. Which one of the following options will you use to accomplish the task?

  • A. Use HTML NO Crawl tag in the Web page not to be crawled
  • B. Place the name of restricted Web pages in the private.txt file
  • C. Place the name of restricted Web pages in the robots.txt file
  • D. Enable the SSL

Answer: C

NEW QUESTION 12

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection system keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

  • A. Use the http service's PUT command to push the file onto the target machine
  • B. Use the scp service, protocol SSHv2 to pull the file onto the target machine
  • C. Use the telnet service's ECHO option to pull the file onto the target machine
  • D. Use the ftp service in passive mode to push the file onto the target machine

Answer: D

NEW QUESTION 13

What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?

  • A. Salts increase the time to crack the original password by increasing the number of tables that must be calculated
  • B. Salts double the total size of a rainbow table database
  • C. Salts can be reversed or removed from encoding quickly to produce unsalted hashes
  • D. Salts have little effect because they can be calculated on the fly with applications such as Ophcrack

Answer: B

NEW QUESTION 14

Which of the following is a tool for SSH and SSL MITM attacks?

  • A. Ettercap
  • B. Cain
  • C. Dsniff
  • D. AirJack

Answer: C

NEW QUESTION 15

Which of the following tools connects to and executes files on remote systems?

  • A. Spector
  • B. Hk.exe
  • C. PsExec
  • D. GetAdmin.exe

Answer: C

NEW QUESTION 16

You suspect that system administrators in one part of the target organization are turning off their systems during the times when penetration tests are scheduled. What feature could you add to the 'Rules of engagement' that could help your team test that part of the target organization?

  • A. Unannounced test
  • B. Tell response personnel the exact time the test will occur
  • C. Test systems after normal business hours
  • D. Limit tests to business hours

Answer: C

NEW QUESTION 17

Which of the following standards is used in wireless local area networks (WLANs)?

  • A. IEEE 802.11b
  • B. IEEE 802.5
  • C. IEEE 802.3
  • D. IEEE 802.4

Answer: A

NEW QUESTION 18

Which of the following tools can be used to automate the MITM attack?

  • A. Hotspotter
  • B. Airjack
  • C. IKECrack
  • D. Kismet

Answer: B

NEW QUESTION 19

During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port, we attempt to validate that assumption with an SSH client, but our effort is unsuccessful. It turns out that it is actually an Apache webserver listening on the port. Which type of scan would have helped us to determine what service was listening on port 22?

  • A. Version scanning
  • B. Port scanning
  • C. Network sweeping
  • D. OS fingerprinting

Answer: C

NEW QUESTION 20
......
