Rebirth GPEN Test Preparation For GIAC Certified Penetration Tester Certification

NEW QUESTION 1

Which of the following is NOT a Back orifice plug-in?

• A. BOSOCK32
• B. STCPIO
• C. BOPeep
• D. Beast

Answer: D

NEW QUESTION 2

A tester has been contracted to perform a penetration test for a corporate client. The scope of the test is limited to end-user workstations and client programs only. Which of die following actions is allowed in this test?

• A. Attempting to redirect the internal gateway through ARP poisoning
• B. Activating bot clients and performing a denial-of-service against the gatewa
• C. Sniffing and attempting to crack the Domain Administrators password has
• D. Sending a malicious pdf to a user and exploiting a vulnerable Reader versio

Answer: B

NEW QUESTION 3

Analyze the screenshot below. What type of vulnerability is being attacked?

• A. Windows Server service
• B. Internet Explorer
• C. Windows Powershell
• D. Local Security Authority

Answer: B

NEW QUESTION 4

Which of the following techniques are NOT used to perform active OS fingerprinting?
Each correct answer represents a complete solution. Choose all that apply.

• A. Analyzing email headers
• B. Sniffing and analyzing packets
• C. ICMP error message quoting
• D. Sending FIN packets to open ports on the remote system

Answer: AB

NEW QUESTION 5

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime. Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?

• A. FTK Imager
• B. FAU
• C. Device Seizure
• D. Galleta

Answer: C

NEW QUESTION 6

How does OWASP ZAP function when used for performing web application assessments?

• A. It is a non-transparent proxy that sits between your web browser and the targetapplicatio
• B. It is a transparent policy proxy that sits between Java servers and |SP web page
• C. It is a non-transparent proxy that passively sniffs network traffic for HTTPvulnerabilitie
• D. It is a transparent proxy that sits between a target application and the backenddatabas

Answer: D

NEW QUESTION 7

Which of the following types of Penetration testing provides the testers with complete knowledge of the infrastructure to be tested?

• A. White Box
• B. Black Box
• C. Grey Box
• D. Water Fall

Answer: A

NEW QUESTION 8

John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

• A. Dictionary attack
• B. Rule based attack
• C. Hybrid attack
• D. Brute Force attack

Answer: ACD

NEW QUESTION 9

Which of the following is possible in some SQL injection vulnerabilities on certain types of databases that affects the underlying server OS?

• A. Database structure retrieval
• B. Shell command execution
• C. Data manipulation
• D. Data query capabilities

Answer: A

Explanation:
Reference:
http://www.darkmoreops.com/2014/08/28/use-sqlmap-sql-injection-hack-website-database/

NEW QUESTION 10

What concept do Rainbow Tables use to speed up password cracking?

• A. Fast Lookup Crack Tables
• B. Memory Swap Trades
• C. Disk Recall Cracking
• D. Time-Memory Trade-off

Answer: D

Explanation:
Reference:
http://en.wikipedia.org/wiki/Space%E2%80%93time_tradeoff

NEW QUESTION 11

Which of the following tools can be used to enumerate networks that have blocked ICMP Echo packets, however, failed to block timestamp or information packet or not performing sniffing of trusted addresses, and it also supports spoofing and promiscuous listening for reply packets?

• A. Nmap
• B. Zenmap
• C. Icmpenum
• D. Nessus

Answer: C

NEW QUESTION 12

What is the purpose of the following command?
C:\>wmic /node:[target IP] /user:[admin-user]
/password:[password] process call create [command]

• A. Running a command on a remote Windows machine
• B. Creating a service on a remote Windows machine
• C. Creating an admin account on a remote Windows machine
• D. Listing the running processes on a remote windows machine

Answer: D

NEW QUESTION 13

Which of the following is a tool for SSH and SSL MITM attacks?

• A. Ettercap
• B. Cain
• C. Dsniff
• D. AirJack

Answer: C

NEW QUESTION 14

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

• A. History folder
• B. Temporary Internet Folder
• C. Cookies folder
• D. Download folder

Answer: ABC

NEW QUESTION 15

What command will correctly reformat the Unix passwordcopy and shadowcopy Tiles for input to John The Ripper?

• A. /Un shadow passwd copy shadowcopy > johnfile
• B. /Unshadow passwdcopy shadowcopy > johnfile
• C. /Unshadow shadowcopy passwdcopy >john file
• D. /Unshadow passwdcopy shadowcopy > johnfile

Answer: C

Explanation:
Reference:
https://books.google.co.in/books?id=SC-tAwAAQBAJ&pg=PA286&lpg=PA286&dq=/Unshadow+shadow+copy+passwd+copy+%3Ej ohn+file&source=bl&ots=OnZK9atlc1&sig=co7EM5EHye96vO74W3wZxky3sXU&hl=en&sa =X&ei=FBuoVPLHDc-cugSDxYGYBA&ved=0CCwQ6AEwAg#v=onepage&q=%2FUnshadow%20shadow%20cop y%20passwd%20copy%20%3Ejohn%20file&f=false

NEW QUESTION 16

Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration.
The tool uses raw IP packets to determine the following:
What ports are open on our network systems.
What hosts are available on the network.
Identify unauthorized wireless access points.
What services (application name and version) those hosts are offering.
What operating systems (and OS versions) they are running.
What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?

• A. Nmap
• B. Kismet
• C. Sniffer
• D. Nessus

Answer: A

NEW QUESTION 17
......