GIAC Penetration Tester v8.0 (GPEN)

Page:    1 / 26   
Total 392 questions

In the screenshot below, which selections would you need to click in order to intercept and alter all HTTP traffic passing through OWASP ZAP?


  • A. Trap response and continue
  • B. Set Break and Continue
  • C. Trap request and continue
  • D. Continue and drop


Answer : B

A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista. She issues the following commands:


A check of the remote host indicates that Windows Firewall is still running. Why did the command fail?

  • A. The kernel prevented the command from being executed.
  • B. The user does not have the access level needed to stop the firewall.
  • C. The sc command needs to be passed the IP address of the target.
  • D. The remote server timed out and did not complete the command.


Answer : C

A client with 7200 employees in 14 cities (all connected via high speed WAN connections) has suffered a major external security breach via a desktop which cost them more than $172,000 and the loss of a high profile client. They ask you to perform a desktop vulnerability assessment to identify everything that needs to be patched. Using Nessus you find tens of thousands of vulnerabilities that need to be patched. In the report you find workstations running several Windows OS versions and service pack levels, anti-virus software from multiple vendors, several major browser versions and different versions of Acrobat Reader.
Which of the following recommendations should you provide with the report?

  • A. The client should standardize their desktop software
  • B. The client should eliminate workstations to reduce workload
  • C. The client should hire more people to catch up on patches
  • D. The client should perform monthly vulnerability assessments


Answer : C

Analyze the command output below. What action is being performed by the tester?


  • A. Displaying a Windows SAM database
  • B. Listing available workgroup services
  • C. Discovering valid user accounts
  • D. Querying locked out user accounts


Answer : C

By default Active Directory Controllers store password representations in which file?

  • A. %SystemRoot%\System32\ntds.dit
  • B. %SystemRoot%\ntds\ntds.dit
  • C. %SystemRoot%\ntds\sam.dat
  • D. %SystemRoot%\ntds\sam.dit


Answer : A

Reference:
http://www.scribd.com/doc/212238158/Windows-Administrator-L2-Interview-Question-System-Administrator#scribd

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which mode or modes are best used for sniffing wireless traffic?

  • A. Master, Ad-hoc
  • B. RFMON
  • C. RFMON, Ad-hoc
  • D. Ad-hoc


Answer : A

Reference:
http://www.willhackforsushi.com/books/377_eth_2e_06.pdf

What is the MOST important document to obtain before beginning any penetration testing?

  • A. Project plan
  • B. Exceptions document
  • C. Project contact list
  • D. A written statement of permission


Answer : A

Reference:
Before starting a penetration test, all targets must be identified. These targets should be obtained from the customer during the initial questionnaire phase. Targets can be given by the customer in the form of specific IP addresses, network ranges, or domain names. In some instances, the only target the customer provides is the name of the organization, and the testers are expected to identify the rest on their own. It is important to define whether systems such as firewalls, IDS/IPS or networking equipment that sit between the tester and the final target are also part of the scope. Additional elements such as upstream providers and other third-party providers should be identified, and it should be defined whether they are in scope or not.

What section of the penetration test or ethical hacking engagement final report is used to detail and prioritize the results of your testing?

  • A. Methodology
  • B. Conclusions
  • C. Executive Summary
  • D. Findings


Answer : C

While performing an assessment on a banking site, you discover the following link: https://mybank.com/xfer.asp?xfer_to=[account_number]&amount=[dollars]
Assuming authenticated banking users can be lured to your web site, which crafted HTML tag may be used to launch a XSRF attack?

  • A. <img src="javascript:alert('document.cookie');">
  • B. <script>alert('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>
  • C. <script>document.write('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>
  • D. <img src="https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]">


Answer : C

What concept do Rainbow Tables use to speed up password cracking?

  • A. Fast Lookup Crack Tables
  • B. Memory Swap Trades
  • C. Disk Recall Cracking
  • D. Time-Memory Trade-off


Answer : D

Reference:
http://en.wikipedia.org/wiki/Space%E2%80%93time_tradeoff

You have connected to a Windows system remotely and have shell access via Netcat.
While connected to the remote system you notice that some Windows commands work normally while others do not. An example of this is shown in the picture below. Which of the following best describes why this is happening?


  • A. Netcat cannot properly interpret certain control characters or Unicode sequences.
  • B. The listener executed command.com instead of cmd.exe.
  • C. Another application is already running on the port Netcat is listening on.
  • D. The Netcat listener is running with system level privileges.


Answer : D

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and
192.168.116.101. What factual conclusion can the tester draw from this output?


  • A. Port 135 is filtered, port 139 is open.
  • B. Ports 135 and 139 are filtered.
  • C. Ports 139 and 135 are open.
  • D. Port 139 is closed, port 135 is open.


Answer : C

As part of a penetration test, your team is tasked with discovering vulnerabilities that could be exploited from an inside threat vector. Which of the following activities fall within that scope?

  • A. SQL injection attacks against the HR intranet website.
  • B. A competitor's employee scanning the company's website.
  • C. Wireless "war driving" the company manufacturing site.
  • D. Running a Nessus scan from the sales department network.
  • E. B, C, and D
  • F. A, B, and D
  • G. B and D
  • H. A and D


Answer : C

Where are Netcat's own network activity messages, such as when a connection occurs, sent?

  • A. Standard Error
  • B. Standard input
  • C. Standard Logfile
  • D. Standard Output


Answer : A

Reference:
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

How does OWASP ZAP function when used for performing web application assessments?

  • A. It is a non-transparent proxy that sits between your web browser and the target application.
  • B. It is a transparent policy proxy that sits between Java servers and JSP web pages.
  • C. It is a non-transparent proxy that passively sniffs network traffic for HTTP vulnerabilities.
  • D. It is a transparent proxy that sits between a target application and the backend database.


Answer : D
