Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home GIAC GPEN

GIAC GPEN Exam Practice Questions (P. 1)

  • Full Access (385 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
ACME corporation has decided to setup wireless (IEEE 802.11) network in it's sales branch at Tokyo and found that channels 1, 6, 9,11 are in use by the neighboring offices. Which is the best channel they can use?
  1. A
    4
  2. B
    5
  3. C
    10
  4. D
    2

Correct Answer:
D

Question #2
Which Metasploitvncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?
  1. A
    Vncinject/find.lag
  2. B
    Vncinject/reverse.tcp
  3. C
    Vncinject/reverse-http
  4. D
    Vncinject /bind.tcp

Correct Answer:
B
Reference:
http://www.rapid7.com/db/modules/payload/windows/vncinject/reverse_tcp

Question #3
What is the MOST important document to obtain before beginning any penetration testing?
  1. A
    Project plan
  2. B
    Exceptions document
  3. C
    Project contact list
  4. D
    A written statement of permission

Correct Answer:
A
Reference:
Before starting a penetration test, all targets must be identified. These targets should be obtained from the customer during the initial questionnaire phase. Targets can be given in the form of specific IP addresses, network ranges, or domain names by the customer. In some instances, the only target the customer provides is the name of the organization and expects the testers be able to identify the rest on their own. It is important to define if systems like firewalls and IDS/IPS or networking equipment that are between the tester and the final target are also part of the scope. Additional elements such as upstream providers, and other 3rd party providers should be identified and defined whether they are in scope or not.

Question #4
While reviewing traffic from a tcpdump capture, you notice the following commands being sent from a remote system to one of your web servers:
C:\>sc winternet.host.com create ncservicebinpath- "c:\tools\ncexe -I -p 2222 -e cmd.exe"
C:\>sc vJnternet.host.com query ncservice.
What is the intent of the commands?
  1. A
    The first command creates a backdoor shell as a service. It is being started on TCP2222 using cmd.exe. The second command verifies the service is created and itsstatus.
  2. B
    The first command creates a backdoor shell as a service. It is being started on UDP2222 using cmd.exe. The second command verifies the service is created and itsstatus.
  3. C
    This creates a service called ncservice which is linked to the cmd.exe command andits designed to stop any instance of nc.exe being run. The second command verifiesthe service is created and its status.
  4. D
    The first command verifies the service is created and its status. The secondcommand creates a backdoor shell as a service. It is being started on TCP

Correct Answer:
C

Question #5
Which of the following best describes a client side exploit?
  1. A
    Attack of a client application that retrieves content from the network
  2. B
    Attack that escalates user privileged to root or administrator
  3. C
    Attack of a service listening on a client system
  4. D
    Attack on the physical machine

Correct Answer:
C

Question #6
Which of the following TCP packet sequences are common during a SYN (or half-open) scan?
  1. A
    A,B and C
  2. B
    A and C
  3. C
    C and D
  4. D
    C and D

Correct Answer:
C

Question #7
Which of the following describes the direction of the challenges issued when establishing a wireless (IEEE 802.11) connection?
  1. A
    One-way, the client challenges the access point
  2. B
    One-way, the access point challenges the client
  3. C
    No challenges occur (or wireless connection
  4. D
    Two-way, both the client and the access point challenge each other

Correct Answer:
D

Question #8
You have gained shell on a Windows host and want to find other machines to pivot to, but the rules of engagement state that you can only use tools that are already available. How could you find other machines on the target network?
  1. A
    Use the "ping" utility to automatically discover other hosts
  2. B
    Use the "ping" utility in a for loop to sweep the network.
  3. C
    Use the "edit" utility to read the target's HOSTS file.
  4. D
    Use the "net share" utility to see who is connected to local shared drives.

Correct Answer:
B
Reference:
http://www.slashroot.in/what-ping-sweep-and-how-do-ping-sweep

Question #9
A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?
  1. A
    Use the http service's PUT command to push the file onto the target machine.
  2. B
    Use the scp service, protocol SSHv2 to pull the file onto the target machine.
  3. C
    Use the telnet service's ECHO option to pull the file onto the target machine
  4. D
    Use the ftp service in passive mode to push the file onto the target machine.

Correct Answer:
D

Question #10
What section of the penetration test or ethical hacking engagement final report is used to detail and prioritize the results of your testing?
  1. A
    Methodology
  2. B
    Conclusions
  3. C
    Executive Summary
  4. D
    Findings

Correct Answer:
C

Next Questions

All Pages