All About Free GPEN Simulations

NEW QUESTION 1

You work as a Network Administrator for Tech Perfect Inc. The company requires a secure wireless network. To provide security, you are configuring ISA Server 2006 as a firewall. While configuring ISA Server 2006, which of the following is NOT necessary?

• A. Configuration of VPN access
• B. Setting up of monitoring on ISA Server
• C. Defining ISA Server network configuration
• D. Defining how ISA Server would cache Web contents

Answer: A

NEW QUESTION 2

You have been contracted to perform a black box pen test against the Internet facing servers for a company. They want to know, with a high level of confidence, if their servers are vulnerable to external attacks. Your contract states that you can use all tools available to you to pen test the systems. What course of action would you use to generate a report with the lowest false positive rate?

• A. Use a port scanner to find open service ports and generate a report listing allvulnerabilities associated with those listening service
• B. Use a vulnerability or port scanner to find listening services and then try to exploitthose service
• C. Use a vulnerability scanner to generate a report of vulnerable service
• D. Log into the system and record the patch levels of each service then generate areport that lists known vulnerabilities for all the running service

Answer: B

NEW QUESTION 3

Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

• A. Internet layer
• B. Application layer
• C. Transport Layer
• D. Link layer

Answer: D

NEW QUESTION 4

In which of the following attacks is a malicious packet rejected by an IDS, but accepted by the host system?

• A. Insertion
• B. Evasion
• C. Fragmentation overwrite
• D. Fragmentation overlap

Answer: B

NEW QUESTION 5

Adam, a malicious hacker, hides a hacking tool from a system administrator of his company by using Alternate Data Streams (ADS) feature. Which of the following statements is true in context with the above scenario?

• A. Alternate Data Streams is a feature of Linux operating syste
• B. Adam's system runs on Microsoft Windows 98 operating syste
• C. Adam is using FAT file syste
• D. Adam is using NTFS file syste

Answer: D

NEW QUESTION 6

John works as an Ethical Hacker for uCertify Inc. He wants to find out the ports that are open in uCertify's server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task?

• A. TCP FIN
• B. Xmas tree
• C. TCP SYN/ACK
• D. TCP SYN

Answer: D

NEW QUESTION 7

Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of a domain controller, two Windows 2003 member servers, and one hundred client computers. The company employees use laptops with Windows XP Professional. These laptops are equipped with wireless network cards that are used to connect to access points located in the Marketing department of the company. The company employees log on to the domain by using a user name and password combination. The wireless network has been configured with WEP in addition to 802.1x. Mark wants to provide the best level of security for the kind of
authentication used by the company. What will Mark do to accomplish the task?

• A. Use EAP-TLS
• B. Use MD5
• C. Use PEAP
• D. Use IPSec

Answer: C

NEW QUESTION 8

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

• A. Idle scan
• B. TCP SYN scan
• C. Ping sweep scan
• D. XMAS scan

Answer: C

NEW QUESTION 9

Which of the following is the correct sequence of packets to perform the 3-way handshake method?

• A. SYN, ACK, ACK
• B. SYN, ACK, SYN/ACK
• C. SYN, SYN/ACK, ACK
• D. SYN, SYN, ACK

Answer: C

NEW QUESTION 10

Which of the following Trojans does not use TCP protocol?

• A. Donald Dick
• B. Beast
• C. Back Oriffice
• D. NetBus

Answer: C

NEW QUESTION 11

You have forgotten your password of an online shop. The web application of that online shop asks you to enter your email so that they can send you a new password. You enter your email you@gmail.com' and press the submit button. The Web application displays the server error.
What can be the reason of the error?

• A. The remote server is dow
• B. You have entered any special character in emai
• C. Your internet connection is slo
• D. Email entered is not vali

Answer: B

NEW QUESTION 12

When DNS is being used for load balancing, why would a penetration tester choose to identify a scan target by its IP address rather than its host name?

• A. Asingle IP may have multiple domain
• B. A single domain name can only have one IP addres
• C. Scanning tools only recognize IP addresses
• D. A single domain name may have multiple IP addresse

Answer: C

Explanation:
Reference: http://www.flashcardmachine.com/sec-midterm.html

NEW QUESTION 13

Which of the following is a passive information gathering tool?

• A. Whois
• B. Snort
• C. Ettercap
• D. Nmap

Answer: A

NEW QUESTION 14

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

• A. The source computer sends SYN and the destination computer responds with RST
• B. The source computer sends SYN-ACK and no response Is received from the destination computer
• C. The source computer sends SYN and no response is received from the destination computer
• D. The source computer sends SYN-ACK and the destination computer responds with RST-ACK
• E. A,B and C
• F. A and C
• G. C and D
• H. C and D

Answer: C

NEW QUESTION 15

Analyze the command output below. What information can the tester infer directly from the information shown?

• A. The administrator account has no password
• B. Null sessions are enabled on the target
• C. The target host is running Linux with Samba services
• D. Account lockouts must be reset by the Administrator

Answer: C

NEW QUESTION 16

You want to connect to your friend's computer and run a Trojan on it. Which of the following tools will you use to accomplish the task?

• A. Remoxec
• B. Hk.exe
• C. PSExec
• D. GetAdmin.exe

Answer: C

NEW QUESTION 17
......