Online GPEN free questions and answers of New Version:
NEW QUESTION 1
Which of the following is the default port value of the Beast Trojan?
- A. 6666
- B. 2222
- C. 3333
- D. 1111
Answer: A
NEW QUESTION 2
Fill in the blank with the appropriate tool name.
__________ is a wireless network cracking tool that exploits the vulnerabilities in the RC4 algorithm, which comprises the WEP security parameters.
Answer: WEPcrack
NEW QUESTION 3
Which of the following tasks is NOT performed by antiviruses?
- A. Activity blocking
- B. Heuristic scanning
- C. Integrity scanning
- D. Session hijacking
Answer: D
NEW QUESTION 4
Which of the following ports is used for NetBIOS null sessions?
- A. 130
- B. 139
- C. 143
- D. 131
Answer: B
NEW QUESTION 5
Which of the following is a method of gathering user names from a Linux system?
- A. Displaying the owner information of system-specific binaries
- B. Reviewing the contents of the system log files
- C. Gathering listening services from the xinetd configuration files
- D. Extracting text strings from the system password file
Answer: C
Reference: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security_Guide/Red_Hat_Enterprise_Linux-6-Security_Guide-en-US.pdf
NEW QUESTION 6
The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?
Each correct answer represents a complete solution. Choose all that apply.
- A. It is supported by all manufacturers of wireless LAN hardware and software.
- B. It uses a public key certificate for server authentication.
- C. It uses password hash for client authentication.
- D. It provides a moderate level of security.
Answer: AB
NEW QUESTION 7
Which of the following tools allow you to perform HTTP tunneling?
Each correct answer represents a complete solution. Choose all that apply.
- A. BackStealth
- B. Tunneled
- C. Nikto
- D. HTTPort
Answer: ABD
NEW QUESTION 8
You run the following PHP script:
<?php $name = mysql_real_escape_string($_POST["name"]); $password = mysql_real_escape_string($_POST["password"]);?>
What is the use of the mysql_real_escape_string() function in the above script?
Each correct answer represents a complete solution. Choose all that apply.
- A. It escapes all special characters from strings $_POST["name"] and $_POST["password"].
- B. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
- C. It can be used to mitigate a cross site scripting attack.
- D. It can be used as a countermeasure against a SQL injection attack.
Answer: AD
NEW QUESTION 9
Fill in the blank with the appropriate act name.
The ___ act gives consumers the right to ask emailers to stop spamming them.
Answer: CAN-SPAM
NEW QUESTION 10
Which of the following security policies will you implement to keep your data safe when you connect your laptop to the office network over IEEE 802.11 WLANs?
Each correct answer represents a complete solution. Choose two.
- A. Using personal firewall software on your laptop.
- B. Using a protocol analyzer on your laptop to monitor for risks.
- C. Using a port scanner like nmap in your network.
- D. Using an IPSec enabled VPN for remote connectivity.
Answer: AD
NEW QUESTION 11
You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com network. Now that you have finished your penetration testing, you find that the we-are-secure.com server is highly vulnerable to SNMP enumeration. You advise we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other steps can you suggest to remove the SNMP vulnerability?
Each correct answer represents a complete solution. Choose two.
- A. Close port TCP 53.
- B. Change the default community string names.
- C. Upgrade SNMP Version 1 with the latest version.
- D. Install antivirus.
Answer: BC
NEW QUESTION 12
You are pen testing a Linux target from your Windows-based attack platform. You just moved a script file from the Windows system to the Linux target, but it will not execute properly. What is the most likely problem?
- A. The byte length is different on the two machines
- B. End-of-line characters are different on the two machines
- C. The file must have become corrupt during transfer
- D. ASCII character sets are different on the two machines
Answer: A
NEW QUESTION 13
Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a high school student. It is suspected that explicit child pornography content is stored on the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigation in a more extensive and elaborate manner?
- A. Windows XP
- B. Mac OS
- C. MINIX 3
- D. Linux
Answer: B
NEW QUESTION 14
Which of the following TCP packet sequences are common during a SYN (or half-open) scan?
- A. The source computer sends SYN and the destination computer responds with RST
- B. The source computer sends SYN-ACK and no response is received from the destination computer
- C. The source computer sends SYN and no response is received from the destination computer
- D. The source computer sends SYN-ACK and the destination computer responds with RST-ACK
- E. A,B and C
- F. A and C
- G. C and D
- H. C and D
Answer: C
NEW QUESTION 15
Which of the following attacks allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream?
- A. SYN flood attack
- B. Rainbow attack
- C. Zero Day attack
- D. FMS attack
Answer: D
NEW QUESTION 16
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
- A. Stalking Amendment Act (1999)
- B. Malicious Communications Act (1998)
- C. Anti-Cyber-Stalking law (1999)
- D. Stalking by Electronic Communications Act (2001)
Answer: A
NEW QUESTION 17
You want to search for Apache Web servers running version 2.0 using Google hacking. Which of the following search queries will you use?
- A. intitle:"Test Page for Apache Installation" "You are free"
- B. intitle:"Test Page for Apache Installation" "It worked!"
- C. intitle:test.page "Hey, it worked !" "SSl/TLS aware"
- D. intitle:Sample.page.for.Apache Apache.Hook.Function
Answer: D
NEW QUESTION 18
Which of the following standards is used in wireless local area networks (WLANs)?
- A. IEEE 802.11b
- B. IEEE 802.5
- C. IEEE 802.3
- D. IEEE 802.4
Answer: A