Want to know Exambible GPEN Exam practice test features? Want to lear more about GIAC GIAC Certified Penetration Tester certification experience? Study Tested GIAC GPEN answers to Renewal GPEN questions at Exambible. Gat a success with an absolute guarantee to pass GIAC GPEN (GIAC Certified Penetration Tester) test on your first attempt.

Also have GPEN free dumps questions for you:

NEW QUESTION 1

The resulting business impact, of the penetration test or ethical hacking engagement is explained in what section of the final report?

  • A. Problems
  • B. Findings
  • C. Impact Assessment
  • D. Executive Summary

Answer: D

Explanation:
Reference:
http://www.frost.com/upld/get-data.do?id=1568233

NEW QUESTION 2

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc.
Recently, John's company has got a project to test the security of a promotional Website
www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:
<script>alert('Hi, John')</script>
After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John."
Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?

  • A. XSS attack
  • B. Replay attack
  • C. Buffer overflow attack
  • D. CSRF attack

Answer: A

NEW QUESTION 3

Why is OSSTMM beneficial to the pen tester?

  • A. It provides a legal and contractual framework for testing
  • B. It provides in-depth knowledge on tools
  • C. It provides report templates
  • D. It includes an automated testing engine similar to Metasploit

Answer: C

Explanation:
Reference:
http://www.pen-tests.com/open-source-security-testing-methodology-manual-osstmm.html

NEW QUESTION 4

Which of the following tools can be used to automate the MITM attack?

  • A. Hotspotter
  • B. Airjack
  • C. Kismet
  • D. IKECrack

Answer: B

NEW QUESTION 5

Which of the following methods can be used to detect session hijacking attack?

  • A. ntop
  • B. Brutus
  • C. nmap
  • D. sniffer

Answer: D

NEW QUESTION 6

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com network. Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability?
Each correct answer represents a complete solution. Choose two.

  • A. Close port TCP 53.
  • B. Change the default community string name
  • C. Upgrade SNMP Version 1 with the latest versio
  • D. Install antiviru

Answer: BC

NEW QUESTION 7

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which of the mode or modes are best used for sniffing wireless traffic?

  • A. Master Ad-hoc
  • B. RFMON
  • C. RFMO
  • D. Ad-hoc
  • E. Ad-hoc

Answer: A

Explanation:
Reference:
http://www.willhackforsushi.com/books/377_eth_2e_06.pdf

NEW QUESTION 8

Which of the following ports must you filter to check null sessions on your network?

  • A. 139 and 445
  • B. 111 and 222
  • C. 1234 and 300
  • D. 130 and 200

Answer: A

NEW QUESTION 9
CORRECT TEXT
Fill in the blank with the appropriate act name.
The___ act gives consumers the right to ask emailers to stop spamming them.

  • A.

Answer: CAN-SPAM

NEW QUESTION 10

As pan or a penetration lest, your team is tasked with discovering vulnerabilities that could be exploited from an inside threat vector. Which of the following activities fall within that scope?

  • A. SQL injection attacks against the hr intranet websit
  • B. A competitor's employee's scanning the company's websit
  • C. Wireless "war driving" the company manufacturing sit
  • D. Running a Nessus scan from the sales department networ
  • E. B, C, and D
  • F. A,
  • G. and D
  • H. B and D
  • I. A and D

Answer: C

NEW QUESTION 11

Which of the following standards is used in wireless local area networks (WLANs)?

  • A. IEEE 802.4
  • B. IEEE 802.3
  • C. IEEE 802.11b
  • D. IEEE 802.5

Answer: C

NEW QUESTION 12

While performing a code audit, you discover a SQL injection vulnerability assuming the following vulnerable query, what user input could be injected to make the query true and return data?
select * from widgets where name = '[user-input]';

  • A. 'or 1=1
  • B. ‘or l=l…
  • C. 'or 1=1--
  • D. ‘or l=1’

Answer: D

NEW QUESTION 13

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection
systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

  • A. Use the http service's PUT command to push the file onto the target machin
  • B. Use the scp service, protocol SSHv2 to pull the file onto the target machin
  • C. Use the telnet service's ECHO option to pull the file onto the target machine
  • D. Use the ftp service in passive mode to push the file onto the target machin

Answer: D

NEW QUESTION 14

What difference would you expect to result from running the following commands;
(I). S dig .ns domain.com target.com -t AXFR
and
(2). S dig .ns.domain.com target.com -t IXFR=1002200301

  • A. Command (I) will display incremental information about a domain and command (2) Will provide only 1002200301 bytes of information
  • B. Command (1) will display all information about a domain and command (2) willprovide only incremental updates from SOA 1002200301
  • C. Command (I) will display all information about a domain and command (2) willprovide only incremental updates up to SOA 1002200301
  • D. Command (I) will display all information about a domain and command (2) willprovide only 1002200301 bytes of information

Answer: B

NEW QUESTION 15

Joseph works as a Network Administrator for WebTech Inc. He has to set up a centralized area on the network so that each employee can share resources and documents with one another. Which of the following will he configure to accomplish the task?

  • A. WEP
  • B. VPN
  • C. Intranet
  • D. Extranet

Answer: C

NEW QUESTION 16

Which of the following can be used to mitigate the evil twin phishing attack?

  • A. Magic Lantern
  • B. Obiwan
  • C. IPSec VPN
  • D. SARA

Answer: C

NEW QUESTION 17
......

P.S. Easily pass GPEN Exam with 385 Q&As Thedumpscentre.com Dumps & pdf Version, Welcome to Download the Newest Thedumpscentre.com GPEN Dumps: https://www.thedumpscentre.com/GPEN-dumps/ (385 New Questions)