Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home GIAC GPEN

GIAC GPEN Exam Practice Questions (P. 3)

  • Full Access (385 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
You are running a vulnerability scan on a remote network and the traffic Is not making It to the target system. You investigate the connection issue and determine that the traffic is making it to the internal interface of your network firewall, but not making. It to the external Interface or to any systems outside your firewall. What is the most likely problem?
  1. A
    Your network firewall is blocking the traffic
  2. B
    The NAT or pat tables on your network based firewall are filling up and droppingthe traffic
  3. C
    A host based firewall is blocking the traffic
  4. D
    Your ISP Is blocking the traffic

Correct Answer:
C

Question #22
Identify the network activity shown below;

  1. A
    A sweep of available hosts on the local subnet
  2. B
    A flood of the local switch's CAM table.
  3. C
    An attempt to disassociate wireless clients.
  4. D
    An attempt to impersonate the local gateway

Correct Answer:
D

Question #23
You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent backdoor you realize that you will need to change the modified and access times of the files to ensure that the administrator can't see the changes you made. Which Meterpreter module would you need to load in order to do this?
  1. A
    Core
  2. B
    Priv
  3. C
    Stdapi
  4. D
    Browser

Correct Answer:
D

Question #24
How can web server logs be leveraged to perform Cross-Site Scripting (XSSI?
  1. A
    Web logs containing XSS may execute shell scripts when opened In a GUI textbrowser
  2. B
    XSS attacks cause web logs to become unreadable and therefore are an effective DOS attack.
  3. C
    If web logs are viewed in a web-based console, log entries containing XSS mayexecute on the browser.
  4. D
    When web logs are viewed in a terminal. XSS can escape to the shell and executecommands.

Correct Answer:
C

Question #25
What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?
  1. A
    Salts increases the time to crack the original password by increasing the number oftables that must be calculated.
  2. B
    Salts double the total size of a rainbow table database.
  3. C
    Salts can be reversed or removed from encoding quickly to produce unsaltedhashes.
  4. D
    Salts have little effect because they can be calculated on the fly with applicationssuch as Ophcrack.

Correct Answer:
B

Question #26
You are done pen testing a Windows system and need to clean up some of the changes you have made. You created an account pentester on the system, what command would you use to delete that account?
  1. A
    Net user pentester /del
  2. B
    Net name pentester /del
  3. C
    Net localuser pentester /del
  4. D
    Net account pentester /del

Correct Answer:
A

Question #27
Your company has decided that the risk of performing a penetration test Is too great. You would like to figure out other ways to find vulnerabilities on their systems, which of the following is MOST likely to be a valid alternative?
  1. A
    Network scope Analysis
  2. B
    Baseline Data Reviews
  3. C
    Patch Policy Review
  4. D
    Configuration Reviews

Correct Answer:
A

Question #28
Analyze the command output below, what action is being performed by the tester?

  1. A
    Displaying a Windows SAM database
  2. B
    Listing available workgroup services
  3. C
    Discovering valid user accounts
  4. D
    Querying locked out user accounts

Correct Answer:
C

Question #29
Raw netcat shells and telnet terminals share which characteristic?
  1. A
    Ability to send commands to a target machine.
  2. B
    Ability to adapt output to the size of display window
  3. C
    Shells and terminals are exactly the same.
  4. D
    Ability to process standard output control sequences.

Correct Answer:
D
Reference:
http://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter3.html

Question #30
How can a non-privileged user on a Unix system determine if shadow passwords are being used?
  1. A
    Read /etc/password and look for "x" or "II" in the second colon-delimited field
  2. B
    Read /etc/shadow and look for "x" or "II" in the second colon-delimited field
  3. C
    Verify that /etc/password has been replaced with /etc/shadow
  4. D
    Read /etc/shadow and look NULL values In the second comma delimited field

Correct Answer:
B

Previous Questions Next Questions

All Pages