
GIAC GPEN GIAC Penetration Tester Exam Practice Test

Page: 1 / 39
Total 385 questions

GIAC Penetration Tester Questions and Answers

Question 1

Which of the following tools can be used to find a username from a SID?

Options:

A.

SNMPENUM

B.

SID

C.

SID2User

D.

SIDENUM

Question 2

Which of the following tools allows you to download World Wide Web sites from the Internet to a local computer?

Options:

A.

Netstat

B.

Netcraft

C.

HTTrack

D.

Cheops-ng

Question 3

If a password is seven characters or less, the second half of the LM hash is always ___________________.

Options:

A.

0xAAD3B4EE

B.

0xAAD3B4FF

C.

0xAAD3B435B51404FF

D.

0xAAD3B435B51404EE

Question 4

Which of the following techniques are NOT used to perform active OS fingerprinting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

ICMP error message quoting

B.

Analyzing email headers

C.

Sniffing and analyzing packets

D.

Sending FIN packets to open ports on the remote system

Question 5

Which of the following statements about SSID is NOT true?

Options:

A.

Default settings of SSIDs are secure.

B.

All wireless devices on a wireless network must have the same SSID in order to communicate with each other.

C.

It acts as a password for network access.

D.

It is used to identify a wireless network.

Question 6

You want to search for the Microsoft Outlook Web Access default portal using Google search on the Internet so that you can perform a brute force attack and get unauthorized access. What search string will you use to accomplish the task?

Options:

A.

intitle:index.of inbox dbx

B.

intext:"outlook.asp"

C.

allinurl:"exchange/logon.asp"

D.

intitle:"Index Of" -inurl:maillog maillog size

Question 7

You want some of your Web pages not to be crawled. Which one of the following options will you use to accomplish the task?

Options:

A.

Use an HTML NO Crawl tag in the Web page that is not to be crawled

B.

Place the name of restricted Web pages in the private.txt file

C.

Place the names of restricted Web pages in the robots.txt file

D.

Enable the SSL

Question 8

Which of the following wireless security standards supported by Windows Vista provides the highest level of security?

Options:

A.

WPA2

B.

WPA-PSK

C.

WEP

D.

WPA-EAP

Question 9

Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

Options:

A.

Artistic license

B.

Spam

C.

Patent

D.

Phishing

Question 10

Which of the following TCSEC classes defines verified protection?

Options:

A.

Class B

B.

Class D

C.

Class A

D.

Class C

Question 11

Which of the following tasks is NOT performed in the enumeration phase?

Options:

A.

Discovering NetBIOS names

B.

Obtaining Active Directory information and identifying vulnerable user accounts

C.

Injecting a backdoor into the remote computer to gain remote access to it

D.

Establishing NULL sessions and queries

Question 12

Which of the following statements about Fport is true?

Options:

A.

It works as a process viewer.

B.

It works as a datapipe on Windows.

C.

It works as a datapipe on Linux.

D.

It is a source port forwarder/redirector.

Question 13

Which of the following techniques are NOT used to perform active OS fingerprinting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

ICMP error message quoting

B.

Analyzing email headers

C.

Sniffing and analyzing packets

D.

Sending FIN packets to open ports on the remote system

Question 14

In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

Options:

A.

Cross-site scripting

B.

Session sidejacking

C.

ARP spoofing

D.

Session fixation

Question 15

Which of the following is an open source Web scanner?

Options:

A.

Nikto

B.

GFI LANguard

C.

NetRecon

D.

Internet scanner

Question 16

Which of the following methods can be used to detect a session hijacking attack?

Options:

A.

ntop

B.

Brutus

C.

nmap

D.

sniffer

Question 17

Which of the following layers of the TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

Options:

A.

Application layer

B.

Link layer

C.

Internet layer

D.

Transport Layer

Question 18

Fill in the blank with the appropriate word.

____ is a port scanner that can also be used for OS detection.

Options:

Question 19

Which of the following techniques are NOT used to perform active OS fingerprinting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Analyzing email headers

B.

Sniffing and analyzing packets

C.

ICMP error message quoting

D.

Sending FIN packets to open ports on the remote system

Question 20

You enter the following URL on your Web browser:

af../windows/system32/cmd.exe?/c+dir+c:\

What task do you want to perform?

Options:

A.

Perform buffer overflow attack.

B.

Perform DDoS attack.

C.

View the directory list of c drive.

D.

Perform DoS attack.

Question 21

Which of the following tools can be used by a user to hide his identity?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

IPchains

B.

Rootkit

C.

Proxy server

D.

War dialer

E.

Anonymizer

Question 22

Which of the following tools can be used to enumerate networks that have blocked ICMP Echo packets but have failed to block timestamp or information packets, or that are not sniffing for trusted addresses, and which also supports spoofing and promiscuous listening for reply packets?

Options:

A.

Nmap

B.

Zenmap

C.

Icmpenum

D.

Nessus

Question 23

Every network device contains a unique built-in Media Access Control (MAC) address, which is used to identify the authentic device in order to limit network access. Which of the following addresses is a valid MAC address?

Options:

A.

A3-07-B9-E3-BC-F9

B.

F936.28A1.5BCD.DEFA

C.

1011-0011-1010-1110-1100-0001

D.

132.298.1.23

Question 24

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company got a project to test the security of a promotional Website and assigned the pen-testing work to John. While John is performing the penetration test, he inserts the following script in the search box at the company home page:

After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John."

Which of the following attacks can be performed on the Web site tested by John, considering the above scenario?

Options:

A.

XSS attack

B.

Replay attack

C.

Buffer overflow attack

D.

CSRF attack

Question 25

LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password of seven characters or less, the second half of the LM hash is always __________.

Options:

A.

0xBBD3B435B51504FF

B.

0xAAD3B435B51404FF

C.

0xBBC3C435C51504EF

D.

0xAAD3B435B51404EE

Question 26

You want to retrieve the default security report of Nessus. Which of the following Google search queries will you use?

Options:

A.

site:pdf nessus "Assessment report"

B.

filetype:pdf nessus

C.

filetype:pdf "Assessment Report" nessus

D.

link:pdf nessus "Assessment report"

Question 27

The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is supported by all manufacturers of wireless LAN hardware and software.

B.

It uses a public key certificate for server authentication.

C.

It uses password hash for client authentication.

D.

It provides a moderate level of security.

Question 28

GSM uses either A5/1 or A5/2 stream cipher for ensuring over-the-air voice privacy. Which of the following cryptographic attacks can be used to break both ciphers?

Options:

A.

Man-in-the-middle attack

B.

Ciphertext only attack

C.

Known plaintext attack

D.

Replay attack

Question 29

The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is supported by all manufacturers of wireless LAN hardware and software.

B.

It uses a public key certificate for server authentication.

C.

It uses password hash for client authentication.

D.

It provides a moderate level of security.

Question 30

You work as an IT Technician for uCertify Inc. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

Options:

A.

MAC Filtering

B.

SSID

C.

RAS

D.

WEP

Question 31

How can web server logs be leveraged to perform Cross-Site Scripting (XSS)?

Options:

A.

Web logs containing XSS may execute shell scripts when opened in a GUI text browser.

B.

XSS attacks cause web logs to become unreadable and therefore are an effective DOS attack.

C.

If web logs are viewed in a web-based console, log entries containing XSS may execute in the browser.

D.

When web logs are viewed in a terminal, XSS can escape to the shell and execute commands.

Question 32

While reviewing traffic from a tcpdump capture, you notice the following commands being sent from a remote system to one of your web servers:

C:\>sc winternet.host.com create ncservice binpath= "c:\tools\nc.exe -l -p 2222 -e cmd.exe"

C:\>sc winternet.host.com query ncservice

What is the intent of the commands?

Options:

A.

The first command creates a backdoor shell as a service. It is being started on TCP 2222 using cmd.exe. The second command verifies the service is created and its status.

B.

The first command creates a backdoor shell as a service. It is being started on UDP 2222 using cmd.exe. The second command verifies the service is created and its status.

C.

This creates a service called ncservice which is linked to the cmd.exe command and is designed to stop any instance of nc.exe being run. The second command verifies the service is created and its status.

D.

The first command verifies the service is created and its status. The second command creates a backdoor shell as a service. It is being started on TCP 2222 connected to cmd.exe.

Question 33

Which of the following is the feature that separates the use of Rainbow Tables from other applications such as Cain or John the Ripper?

Options:

A.

Salts are used to create massive password databases for comparison.

B.

Applications take advantage of 64-bit CPU processors and multithread the cracking process.

C.

Data is aligned efficiently in the rainbow tables, making the search process quicker.

D.

Raw hashed passwords are compared to pre-calculated hash tables.

Question 34

A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista. She issues the following commands:

A check of the remote host indicates that Windows Firewall is still running. Why did the command fail?

Options:

A.

The kernel prevented the command from being executed.

B.

The user does not have the access level needed to stop the firewall.

C.

The sc command needs to be passed the IP address of the target.

D.

The remote server timed out and did not complete the command.

Question 35

All of the following are advantages of using the Metasploit priv module for dumping hashes from a local Windows machine EXCEPT:

Options:

A.

Doesn't require SMB or NetBIOS access to the target machine

B.

Can run inside of a process owned by any user

C.

Provides less evidence for forensic investigators to recover

D.

LSASS-related reboot problems aren't an issue

Question 36

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the smss process. You want to dump the SAM database of the remote system so you can crack it offline. Which Meterpreter module would you need to load in addition to the defaults so that you can accomplish this?

Options:

A.

Core

B.

Priv

C.

Stdapi

D.

Hashdump

Question 37

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

Options:

A.

The source computer sends SYN and the destination computer responds with RST

B.

The source computer sends SYN-ACK and no response is received from the destination computer

C.

The source computer sends SYN and no response is received from the destination computer

D.

The source computer sends SYN-ACK and the destination computer responds with RST-ACK

E.

A,B and C

F.

A and C

G.

C and D

Question 38

What is the main difference between LANMAN and NTLMv1 challenge/responses?

Options:

A.

NTLMv1 only pads to 16 bytes, whereas LANMAN pads to 21 bytes

B.

NTLMv1 starts with the NT hash, whereas LANMAN starts with the LANMAN hash

C.

NTLMv1 utilizes DES, whereas LANMAN utilizes MD4

D.

NTLMv1 splits the hash into 3 eight-byte pieces, whereas LANMAN splits the hash into 3 seven-byte pieces

Question 39

Which of the following is the JavaScript variable used to store a cookie?

Options:

A.

Browsercookie

B.

Windowcookie

C.

Document cookie

D.

Session cookie

Question 40

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?

Options:

A.

Port 135 is filtered, port 139 is open.

B.

Ports 135 and 139 are filtered.

C.

Ports 139 and 135 are open.

D.

Port 139 is closed, port 135 is open

Question 41

Identify the network activity shown below:

Options:

A.

A sweep of available hosts on the local subnet

B.

A flood of the local switch's CAM table.

C.

An attempt to disassociate wireless clients.

D.

An attempt to impersonate the local gateway

Question 42

While performing a code audit, you discover a SQL injection vulnerability. Assuming the following vulnerable query, what user input could be injected to make the query true and return data?

select * from widgets where name = '[user-input]';

Options:

A.

'or 1=1

B.

'or 1=1...

C.

'or 1=1--

D.

'or 1=1'

Question 43

You are pen testing a Linux target from your Windows-based attack platform. You just moved a script file from the Windows system to the Linux target, but it will not execute properly. What is the most likely problem?

Options:

A.

The byte length is different on the two machines

B.

End-of-line characters are different on the two machines

C.

The file must have become corrupt during transfer

D.

ASCII character sets are different on the two machines

Question 44

You have been contracted to perform a black box pen test against the Internet-facing servers of a company. They want to know, with a high level of confidence, whether their servers are vulnerable to external attacks. Your contract states that you can use all tools available to you to pen test the systems. What course of action would you use to generate a report with the lowest false positive rate?

Options:

A.

Use a port scanner to find open service ports and generate a report listing all vulnerabilities associated with those listening services.

B.

Use a vulnerability or port scanner to find listening services and then try to exploit those services.

C.

Use a vulnerability scanner to generate a report of vulnerable services.

D.

Log into the system and record the patch levels of each service, then generate a report that lists known vulnerabilities for all the running services.

Question 45

Which Metasploit payload includes simple upload and download functionality for moving files to and from compromised systems?

Options:

A.

DLL inject

B.

Upexec

C.

Meterpreter

D.

Vncinject

Question 46

You want to search for Apache Web servers running version 2.0 using Google hacking. Which of the following search queries will you use?

Options:

A.

intitle:"Test Page for Apache Installation" "You are free"

B.

intitle:"Test Page for Apache Installation" "It worked!"

C.

intitle:test.page "Hey, it worked !" "SSl/TLS aware"

D.

intitle:Sample.page.for.Apache Apache.Hook.Function

Question 47

Which of the following can be used as a countermeasure against SQL injection attacks?

Each correct answer represents a complete solution. Choose two.

Options:

A.

mysql_real_escape_string()

B.

Prepared statement

C.

mysql_escape_string()

D.

session_regenerate_id()

Question 48

Which of the following tools connects to and executes files on remote systems?

Options:

A.

Spector

B.

Hk.exe

C.

PsExec

D.

GetAdmin.exe

Question 49

Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?

Options:

A.

Fragroute

B.

Absinthe

C.

Stick

D.

ADMutate

Question 50

Which of the following statements are true about firewalking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

B.

Firewalking works on the UDP packets.

C.

In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

D.

A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

Question 51

You work as a Network Administrator at Secure Inc. You often need to send PDF documents that contain secret information, such as client passwords, credit card details, and email passwords, to your customers through email. Although you are making the PDFs password protected, you are getting complaints from customers that their secret information is being misused. When you analyze the complaints, you find that although you are applying passwords to the PDFs, they are not providing the maximum protection. What may be the cause of this security hole?

Options:

A.

PDFs can be read easily in plain-text form by using a sniffer.

B.

PDFs are sent in email in plain-text form.

C.

PDF passwords can easily be cracked by brute force attacks.

D.

You are applying easily guessed passwords.

Question 52

Which of the following United States laws protects stored electronic information?

Options:

A.

Title 18, Section 1029

B.

Title 18, Section 1362

C.

Title 18, Section 2701

D.

Title 18, Section 2510

Question 53

Which of the following tools allow you to perform HTTP tunneling?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

BackStealth

B.

Tunneled

C.

Nikto

D.

HTTPort

Question 54

Which of the following is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards and also detects wireless networks marking their relative position with a GPS?

Options:

A.

NetStumbler

B.

Tcpdump

C.

Kismet

D.

Ettercap

Question 55

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

Options:

A.

Idle scan

B.

TCP SYN scan

C.

Ping sweep scan

D.

XMAS scan

Question 56

Analyze the output of the two commands below:

Which of the following can be factually inferred from the results of these commands?

Options:

A.

The router 192.168.116.1 is filtering UDP traceroute.

B.

The host 10.63.104.1 is silently dropping UDP packets.

C.

The host 10.63.104.1 is not issuing ICMP packets.

D.

The router 10.63.104.206 is dropping ICMP traceroute.

Question 57

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of a domain controller, two Windows 2003 member servers, and one hundred client computers. The company employees use laptops with Windows XP Professional. These laptops are equipped with wireless network cards that are used to connect to access points located in the Marketing department of the company. The company employees log on to the domain by using a user name and password combination. The wireless network has been configured with WEP in addition to 802.1x. Mark wants to provide the best level of security for the kind of authentication used by the company. What will Mark do to accomplish the task?

Options:

A.

Use EAP-TLS

B.

Use MD5

C.

Use PEAP

D.

Use IPSec
