[Q158-Q183] Download Online VALID GPEN Exam Dumps File Instantly [Sep 24, 2022]

Download Online VALID GPEN Exam Dumps File Instantly[Sep 24, 2022]

GPEN Exam Dumps For Certification Exam Preparation

How to book GPEN Exams

In order to apply for the GPEN, You have to follow these steps

1. Go to the GPEN Official Site
2. Read the instruction Carefully
3. Follow the given steps
4. Apply for the GPEN

Audience for GPEN Exam

The professionals interested in passing the GPEN test are interested in validating their abilities to develop and manage a penetration test and understand how to use the best practices, methodologies, and techniques to be successful in it. Besides, the target audience for such an exam is formed of those individuals who want to consolidate their skills in engaging in reconnaissance together with using an approach oriented to processes that leads to projects dedicated to penetration testing. To add more, the GIAC GPEN validation is dedicated to specialists who have a role in security and who need to solve tasks related to network and system assessment as well as find the system’s vulnerabilities. Then, this test is suitable for penetration testers who want to add an international designation to their resumes and receive generous bonuses and salaries. Ethical hackers, as well as auditors, defenders, and forensic specialists can also opt for the evaluation. This exam will help them consolidate their ability to use offensive tactics and implement them in different scenarios. Finally, the members of red or blue teams are also part of the target audience for the official GIAC GPEN test.

 

NEW QUESTION 158
Which of the following attacks can be overcome by applying cryptography?

• A. Web ripping
• B. Buffer overflow
• C. DoS
• D. Sniffing

Answer: D

Explanation:
Section: Volume C
Explanation/Reference:

 

NEW QUESTION 159
Which of the following is an open source Web scanner?

• A. Nikto
• B. Internet scanner
• C. GFI LANguird
• D. NetRecon

Answer: A

 

NEW QUESTION 160
Which of the following security policies will you implement to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs?
Each correct answer represents a complete solution. Choose two.

• A. Using portscanner like nmap in your network.
• B. Using an IPSec enabled VPN for remote connectivity.
• C. Using personal firewall software on your Laptop.
• D. Using a protocol analyzer on your Laptop to monitor for risks.

Answer: B,C

 

NEW QUESTION 161
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?

• A. IDLE
• B. UDP
• C. TCP SYN/ACK
• D. RPC

Answer: A

Explanation:
Section: Volume C

 

NEW QUESTION 162
You have obtained the hash below from the /etc/shadow file. What are you able to discern simply by looking at this hash?

• A. A4XD$B4COCqWaEpFjLLDe. is an MD5 hash that was created using the salt $1 SuWeOhL6k$
• B. A4XDsB4COGqWaEpFjLLDe. is an MD5 hash that was created using the salt uWeOhL6k
• C. A4XDsB4COCqWaEpFjLLDe. is a SHAI hash that was created using the salt uweohL6k
• D. A4XD$B4COCqWaEpFjLLDe. is a SHAI hash that was created using the salt $1 SuWeOhL6k$ 1

Answer: B

 

NEW QUESTION 163
Which of the following techniques are NOT used to perform active OS fingerprinting?
Each correct answer represents a complete solution. Choose all that apply.

• A. ICMP error message quoting
• B. Analyzing email headers
• C. Sending FIN packets to open ports on the remote system
• D. Sniffing and analyzing packets

Answer: B,D

 

NEW QUESTION 164
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. You install access points for enabling a wireless network. The sales team members and the managers in the company will be using laptops to connect to the LAN through wireless connections. Therefore, you install WLAN network interface adapters on their laptops. However, you want to restrict the sales team members and managers from communicating directly to each other. Instead, they should communicate through the access points on the network. Which of the following topologies will you use to accomplish the task?

• A. Ad hoc
• B. Infrastructure
• C. Mesh
• D. Star

Answer: B

 

NEW QUESTION 165
Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

• A. Command injection attack
• B. Code injection attack
• C. Cross-Site Request Forgery
• D. Cross-Site Scripting attack

Answer: B

 

NEW QUESTION 166
Which of the following techniques is used to monitor telephonic and Internet conversations by a third party?

• A. Web ripping
• B. War driving
• C. Wiretapping
• D. War dialing

Answer: C

 

NEW QUESTION 167
Which of the following tools is spyware that makes Windows clients send their passwords as clear text?

• A. Pwddump2
• B. C2MYAZZ
• C. SMBRelay
• D. KrbCrack

Answer: B

 

NEW QUESTION 168
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

• A. 216.168.54.25
• B. 209.191.91.180
• C. 172.16.10.90
• D. 141.1.1.1

Answer: A

 

NEW QUESTION 169
Analyze the screenshot below, which of the following sets of results will be retrieved using this search?

• A. Files of type .php that redirect to the sans.edu domain.
• B. Pages from the domain sans.edu that have external links.
• C. Files of type .php from the domain sans.edu.
• D. Pages that contain the term ext:php and slte.sans.edu.

Answer: B

Explanation:
Section: Volume B

 

NEW QUESTION 170
Which of the following tools is an example of HIDS?

• A. Log File Monitor
• B. Anti-Spector
• C. Elsave
• D. Auditpol.exe

Answer: A

Explanation:
Section: Volume D

 

NEW QUESTION 171
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.
The output of the scanning test is as follows: C:\whisker.pl -h target_IP_address -- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - = = Host: target_IP_address = Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true? Each correct answer represents a complete solution. Choose all that apply.

• A. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
• B. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.
• C. This vulnerability helps in a cross site scripting attack.
• D. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

Answer: A,B,C

 

NEW QUESTION 172
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user.
You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

• A. Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.
• B. Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.
• C. Implement the IEEE 802.1X authentication for the wireless network.
• D. Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.
• E. Implement the open system authentication for the wireless network.

Answer: A,B,C

 

NEW QUESTION 173
Which of the following tools can be used to perform Windows password cracking, Windows enumeration, and VoIP session sniffing?

• A. Cain
• B. Pass-the-hash toolkit
• C. L0phtcrack
• D. John the Ripper

Answer: A

Explanation:
Section: Volume B

 

NEW QUESTION 174
Which of the following are countermeasures to prevent unauthorized database access attacks?
Each correct answer represents a complete solution. Choose all that apply.

• A. Removing all stored procedures
• B. Applying strong firewall rules
• C. Input sanitization
• D. Session encryption

Answer: A,B,C,D

 

NEW QUESTION 175
In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

• A. Session sidejacking
• B. ARP spoofing
• C. Session fixation
• D. Cross-site scripting

Answer: A

Explanation:
Section: Volume B

 

NEW QUESTION 176
Analyze the screenshot below. What type of vulnerability is being attacked?

• A. Internet Explorer
• B. Windows Server service
• C. Local Security Authority
• D. Windows Powershell

Answer: A

 

NEW QUESTION 177
Which of the following is a method of gathering user names from a Linux system?

• A. Displaying the owner information of system-specific binaries
• B. Reviewing the contents of the system log files
• C. Extracting text strings from the system password file
• D. Gathering listening services from the xinetd configuration files

Answer: D

Explanation:
Reference:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security_Guide/Red_Hat_Enterprise_Linux-6Security_Guide-en-US.pdf

 

NEW QUESTION 178
You successfully compromise a target system's web application using blind command injection. The command you injected is ping-n 1 192.168.1.200. Assuming your machine is 192.168.1 200, which of the following would you see?

• A. Ping-n 1 192.168.1 200 on the compromised system
• B. A 'Destination host unreachable' error message on the compromised system
• C. An ICMP Echo packet on your sniffer containing the source address of the target
• D. A packet containing 'Packets: Sent - 1 Received = 1, Loss = 0 (0% loss) on yoursniffer

Answer: A

 

NEW QUESTION 179
Which of the following commands can be used for port scanning?

• A. nc -w
• B. nc -z
• C. nc -t
• D. nc -g

Answer: B

Explanation:
Section: Volume C

 

NEW QUESTION 180
You have obtained the hash below from the /etc/shadow file. What are you able to discern simply by looking at this hash?

• A. A4XD$B4COCqWaEpFjLLDe. is an MD5 hash that was created using the salt $1 SuWeOhL6k$
• B. A4XDsB4COGqWaEpFjLLDe. is an MD5 hash that was created using the salt uWeOhL6k
• C. A4XDsB4COCqWaEpFjLLDe. is a SHAI hash that was created using the salt uweohL6k
• D. A4XD$B4COCqWaEpFjLLDe. is a SHAI hash that was created using the salt $1 SuWeOhL6k$ 1

Answer: B

Explanation:
Section: Volume B

 

NEW QUESTION 181
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?

• A. P0f
• B. Superscan
• C. Nmap
• D. NBTscan

Answer: A

 

NEW QUESTION 182
You run the following bash script in Linux:
for i in 'cat hostlist.txt' ;do nc -q 2 -v $i 80 < request.txt done where, hostlist.txt file contains the list of IP addresses and request.txt is the output file.
Which of the following tasks do you want to perform by running this script?

• A. You want to transfer file hostlist.txt to the hosts given in the IP address list.
• B. You want to perform port scanning to the hosts given in the IP address list.
• C. You want to put nmap in the listen mode to the hosts given in the IP address list.
• D. You want to perform banner grabbing to the hosts given in the IP address list.

Answer: D

Explanation:
Section: Volume B

 

NEW QUESTION 183
......

Latest Verified & Correct GPEN Questions: https://pass4sure.examcost.com/GPEN-practice-exam.html