
GPEN GIAC Penetration Tester Questions and Answers

Question 4

Which of the following United States laws protects stored electronic information?

Options:

A.

Title 18, Section 1029

B.

Title 18, Section 1362

C.

Title 18, Section 2701

D.

Title 18, Section 2510

Question 5

Which of the following techniques are NOT used to perform active OS fingerprinting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

ICMP error message quoting

B.

Analyzing email headers

C.

Sniffing and analyzing packets

D.

Sending FIN packets to open ports on the remote system

Question 6

Which of the following tools allows you to download World Wide Web sites from the Internet to a local computer?

Options:

A.

Netstat

B.

Netcraft

C.

HTTrack

D.

Cheops-ng

Question 7

You want to run the nmap command that includes the host specification of 202.176.56-57.*. How many hosts will you scan?

Options:

A.

1024

B.

256

C.

512

D.

64
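
The following is an added example (not part of the exam dump): a Python expansion of an Nmap octet-range target specification, so the host count for 202.176.56-57.* can be checked rather than guessed. The function names are ours; it handles the per-octet forms Nmap documents (a value, a range, `*` and comma lists), but not CIDR notation or hostnames.

```python
"""Expand an Nmap octet-range target spec and count the hosts it covers.

Added example for Question 7; the function names are ours. It handles the
per-octet forms Nmap documents (a value, a range, '*' and comma lists) but not
CIDR or hostnames.
"""
from itertools import product


def expand_octet(spec):
    """Return the sorted integer values one dotted-quad field denotes."""
    values = set()
    for part in spec.split(","):
        if part == "*":
            lo, hi = 0, 255
        elif "-" in part:
            lo_s, hi_s = part.split("-", 1)
            lo = int(lo_s) if lo_s else 0      # Nmap reads "-5" as 0-5
            hi = int(hi_s) if hi_s else 255    # and "250-" as 250-255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet field: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_targets(spec):
    """Yield every address the spec covers, in lexical order."""
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError("expected four dot-separated octet fields")
    for combo in product(*(expand_octet(f) for f in fields)):
        yield ".".join(str(v) for v in combo)


def count_targets(spec):
    """Number of hosts the spec covers: the quantity the exam question asks for."""
    return sum(1 for _ in expand_targets(spec))


if __name__ == "__main__":
    spec = "202.176.56-57.*"
    # two values in the third octet times 256 in the fourth
    print(f"{spec} covers {count_targets(spec)} hosts")
```

The third octet contributes two values and the wildcard fourth octet 256, so the spec covers 2 × 256 = 512 addresses (including the .0 and .255 of each /24, which Nmap does scan when you write `*`).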

Question 8

Which of the following nmap switches is used to perform NULL scan?

Options:

A.

-sN

B.

-sO

C.

-sU

D.

-sP

Question 9

Which of the following event logs contains traces of brute force attempts performed by an attacker?

Options:

A.

SysEvent.Evt

B.

WinEvent.Evt

C.

AppEvent.Evt

D.

SecEvent.Evt

Question 10

What does APNIC stand for?

Options:

A.

Asia-Pacific Network Information Center

B.

American-Pacific Network Information Center

C.

American Private Network Information Center

D.

Asian Private Network Information Center

Question 11

Which of the following tools can be used to find a username from a SID?

Options:

A.

SNMPENUM

B.

SID

C.

SID2User

D.

SIDENUM

Question 12

Which of the following is NOT a Back Orifice plug-in?

Options:

A.

BOSOCK32

B.

STCPIO

C.

BOPeep

D.

Beast

Question 14

Which of the following are considered Bluetooth security violations?

Each correct answer represents a complete solution. Choose two.

Options:

A.

SQL injection attack

B.

Cross site scripting attack

C.

Bluebug attack

D.

Bluesnarfing

E.

Social engineering

Question 15

The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following are supported by the LEAP protocol?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Public key certificate for server authentication

B.

Password hash for client authentication

C.

Strongest security level

D.

Dynamic key encryption

Question 16

When you conduct an Xmas scan using Nmap, you find that most of the scanned ports do not respond at all. What can be the state of these ports?

Options:

A.

Closed

B.

Open

C.

Filtered

Question 17

LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to Windows Vista use to store user passwords of fewer than 15 characters. If you provide a password of seven characters or fewer, the second half of the LM hash is always __________.

Options:

A.

0xBBD3B435B51504FF

B.

0xAAD3B435B51404FF

C.

0xBBC3C435C51504EF

D.

0xAAD3B435B51404EE

Question 18

Which of the following commands can be used for port scanning?

Options:

A.

nc -z

B.

nc -t

C.

nc -w

D.

nc -g

Question 19

You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet sessions. You have also located an active session, thanks to the high level of traffic on the network. What should you do next?

Options:

A.

Use a sniffer to listen to network traffic.

B.

Use macof to change the MAC address.

C.

Guess the sequence numbers.

D.

Use brutus to crack telnet password.

Question 20

You send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024 using hping2 utility. This attack is known as __________.

Options:

A.

Port scanning

B.

Spoofing

C.

Cloaking

D.

Firewalking

Question 21

You want to create a binary log file using tcpdump. Which of the following commands will you use?

Options:

A.

tcpdump -B

B.

tcpdump -dd

C.

tcpdump -w

D.

tcpdump -d

Question 22

Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?

Options:

A.

IDS

B.

Firewall

C.

Snort

D.

WIPS

Question 23

Which of the following Penetration Testing steps includes network mapping and OS fingerprinting?

Options:

A.

Gather information

B.

Exploit

C.

Verify vulnerabilities

D.

Planning stage

Question 24

You have changed the RestrictAnonymous registry setting from 0 to 1 on your servers to secure your Windows 2000 system so that a malicious user cannot establish a null session on the server. However, when you test the security using the userinfo tool, you find that you can still establish a null session. What may be the reason?

Options:

A.

You cannot disable establishing null sessions.

B.

You need to disable the promiscuous mode of network Ethernet card.

C.

You need to set the RestrictAnonymous key value to 2 instead of 1.

D.

You need to install a firewall.

Question 25

What happens when you scan a broadcast IP address of a network?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It leads to scanning of all the IP addresses on that subnet at the same time.

B.

It will show an error in the scanning process.

C.

It may show smurf DoS attack in the network IDS of the victim.

D.

Scanning of the broadcast IP address cannot be performed.

Question 26

Which of the following federal laws are related to hacking activities?

Each correct answer represents a complete solution. Choose three.

Options:

A.

18 U.S.C. 1030

B.

18 U.S.C. 1028

C.

18 U.S.C. 2510

D.

18 U.S.C. 1029

Question 27

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He has to ping 500 computers to find out whether these computers are connected to the server or not. Which of the following will he use to ping these computers?

Options:

A.

PING

B.

TRACEROUTE

C.

Ping sweeping

D.

NETSTAT

Question 28

How many bits does SYSKEY use for encryption?

Options:

A.

32

B.

64

C.

512

D.

128

Question 29

One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PDA. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?

Options:

A.

Bluesnarfing

B.

Bluejacking

C.

A virus

D.

Spam

Question 30

You are a Web Administrator of Millennium Inc. The company has hosted its Web site within its network. The management wants the company's vendors to be able to connect to the corporate site from their locations through the Internet. As a public network is involved in this process, you are concerned about the security of data transmitted between the vendors and the corporate site.

Which of the following can help you?

Options:

A.

EAP

B.

WEP

C.

Smart card

D.

VPN

Question 31

You work as an IT Technician for uCertify Inc. You have to take security measures for the wireless network of the company. You want to prevent other computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task?

Options:

A.

MAC Filtering

B.

SSID

C.

RAS

D.

WEP

Question 32

Which of the following tools are used for footprinting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Brutus

B.

Sam Spade

C.

Whois

D.

Traceroute

Question 33

Which of the following are the countermeasures against WEP cracking?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Using the longest key supported by hardware.

B.

Using a non-obvious key.

C.

Using a 16-bit SSID.

D.

Changing keys often.

Question 34

Which of the following can be used to mitigate the evil twin phishing attack?

Options:

A.

Magic Lantern

B.

Obiwan

C.

IPSec VPN

D.

SARA

Question 35

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

Options:

A.

The source computer sends SYN and the destination computer responds with RST

B.

The source computer sends SYN-ACK and no response is received from the destination computer

C.

The source computer sends SYN and no response is received from the destination computer

D.

The source computer sends SYN-ACK and the destination computer responds with RST-ACK

E.

A, B and C

F.

A and C

G.

C and D
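
An added example, not from the original page: a Python function that returns the port state Nmap reports for a given scan type and reply, following the state logic described in the Nmap reference guide for the SYN, NULL, FIN, Xmas, ACK and UDP scans (it also covers Question 8's NULL scan and Question 16's Xmas scan). The reply representation is our own simplification, and the function is a model of Nmap's rules, not Nmap's code.

```python
"""Port state as Nmap reports it, from the probe type and the reply.

Added example for Questions 8, 16 and 35. This is our own model of the state
logic described in the Nmap reference guide, not Nmap's code. A reply is
NO_RESPONSE, ("tcp", {flags...}), ("udp", payload) or ("icmp", type, code).
"""

NO_RESPONSE = None  # nothing came back even after Nmap's retransmissions

# ICMP type 3 codes (net/host/port/admin unreachable etc.) Nmap maps to "filtered"
ICMP_FILTER_CODES = {1, 2, 3, 9, 10, 13}

SCAN_TYPES = ("syn", "null", "fin", "xmas", "ack", "udp")


def classify_port(scan, response):
    """Return one of: open, closed, filtered, unfiltered, open|filtered."""
    scan = scan.lower()
    if scan not in SCAN_TYPES:
        raise ValueError(f"unknown scan type: {scan}")
    kind = None if response is NO_RESPONSE else response[0]
    flags = set(response[1]) if kind == "tcp" else set()

    # An ICMP unreachable means something in the path rejected the probe.
    if kind == "icmp":
        _, icmp_type, code = response
        if icmp_type == 3 and code == 3 and scan == "udp":
            return "closed"          # port unreachable: no UDP listener
        if icmp_type == 3 and code in ICMP_FILTER_CODES:
            return "filtered"
        raise ValueError(f"unexpected ICMP reply: type {icmp_type} code {code}")

    if scan == "syn":
        if kind is None:
            return "filtered"        # SYN silently dropped by a packet filter
        if {"SYN", "ACK"} <= flags:
            return "open"            # half-open: Nmap answers with RST, never ACK
        if "RST" in flags:
            return "closed"          # SYN to a closed port draws RST/ACK
    elif scan in ("null", "fin", "xmas"):
        # RFC 793: closed ports answer out-of-state segments with RST, open ports
        # drop them. Silence therefore cannot be told apart from a filter.
        if kind is None:
            return "open|filtered"
        if "RST" in flags:
            return "closed"
    elif scan == "ack":
        if kind is None:
            return "filtered"
        if "RST" in flags:
            return "unfiltered"      # reachable, but open/closed not determined
    else:  # udp
        if kind is None:
            return "open|filtered"
        if kind == "udp":
            return "open"
    raise ValueError(f"unexpected reply to {scan} scan: {response!r}")


if __name__ == "__main__":
    # The two SYN-scan sequences the exam calls common (options A and C)
    print("SYN -> RST:", classify_port("syn", ("tcp", {"RST", "ACK"})))
    print("SYN -> nothing:", classify_port("syn", NO_RESPONSE))
    # Question 16: Xmas probes that draw no reply
    print("Xmas -> nothing:", classify_port("xmas", NO_RESPONSE))
```

The source never sends SYN-ACK in a half-open scan (options B and D), which is why only A and C are common sequences. Note also that an Xmas, NULL or FIN probe that draws no reply is reported as open|filtered, not open: the same silence comes from an open port and from a firewall that drops the probe, which is why Question 16 can list both states.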

Question 36

You are pen testing a network and have shell access to a machine via Netcat. You try to use ssh to access another machine from the first machine. What is the expected result?

Options:

A.

The ssh connection will succeed if you have root access on the intermediate machine

B.

The ssh connection will fail

C.

The ssh connection will succeed

D.

The ssh connection will succeed if no password is required

Question 37

Analyze the command output below. What action is being performed by the tester?

[Image: GPEN Question 37 command output (not reproduced)]

Options:

A.

Displaying a Windows SAM database

B.

Listing available workgroup services

C.

Discovering valid user accounts

D.

Querying locked out user accounts

Question 38

You successfully compromise a target system's web application using blind command injection. The command you injected is ping -n 1 192.168.1.200. Assuming your machine is 192.168.1.200, which of the following would you see?

Options:

A.

ping -n 1 192.168.1.200 on the compromised system

B.

A 'Destination host unreachable' error message on the compromised system

C.

A packet containing 'Packets: Sent = 1, Received = 1, Lost = 0 (0% loss)' on your sniffer

D.

An ICMP Echo packet on your sniffer containing the source address of the target

Question 39

While performing an assessment on a banking site, you discover the following link:

https://mybank.com/xfer.asp?xfer_to=[account_number]&amount=[dollars]

Assuming authenticated banking users can be lured to your web site, which crafted html tag may be used to launch a XSRF attack?

Options:

A.

[option text not recovered in this copy]

B.

<script>alert('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>

C.

<script>document.write('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>

D.

[option text not recovered in this copy]
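
An added example, not from the original page: a minimal in-memory model in Python of an xfer endpoint like the one in the question (handler, session and account names are hypothetical, the balances are constructed data). It shows why an authenticated GET is forgeable from an attacker's page, since the victim's browser attaches the bank session cookie to any request the page triggers, and how a POST-only handler that demands a per-session synchronizer token, compared in constant time, stops the forged request.

```python
"""Why the transfer link in the question is forgeable, and the fix.

Added example for Question 39: an in-memory model of the bank's xfer endpoint
(hypothetical handler names, constructed balances) before and after adding a
synchronizer token. A request is a dict with method, cookies and params.
"""
import hmac
import secrets

# Session store: cookie value -> account plus a per-session CSRF token (constructed)
SESSIONS = {
    "sess-alice": {"account": "alice", "csrf_token": secrets.token_hex(16)},
}
BALANCES = {"alice": 1000, "attacker": 0}


def _current_user(request):
    sess = SESSIONS.get(request.get("cookies", {}).get("session"))
    return sess["account"] if sess else None


def _move_money(user, params):
    amount = int(params["amount"])
    BALANCES[user] -= amount
    BALANCES[params["xfer_to"]] = BALANCES.get(params["xfer_to"], 0) + amount


def xfer_vulnerable(request):
    """Original behaviour: any authenticated request moves money, GET included.
    The browser attaches the session cookie to a forged request too, so a
    cross-site <img src="https://mybank.com/xfer.asp?..."> is enough."""
    user = _current_user(request)
    if user is None:
        return 401, "login required"
    _move_money(user, request["params"])
    return 200, "transferred"


def xfer_hardened(request):
    """Fix: state changes only on POST, and the form must carry the per-session
    token, compared in constant time. A cross-site page can make the browser
    send the cookie, but it cannot read the token to put it in the form."""
    user = _current_user(request)
    if user is None:
        return 401, "login required"
    if request["method"] != "POST":
        return 405, "POST required"
    expected = SESSIONS[request["cookies"]["session"]]["csrf_token"]
    submitted = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, expected):
        return 403, "bad CSRF token"
    amount = int(request["params"]["amount"])
    if amount <= 0 or BALANCES[user] < amount:
        return 400, "invalid amount"
    _move_money(user, request["params"])
    return 200, "transferred"


def forged_request():
    """What the victim's browser sends after rendering, on the attacker's page,
    <img src="https://mybank.com/xfer.asp?xfer_to=attacker&amount=500">:
    a GET carrying the victim's cookie and no token."""
    return {
        "method": "GET",
        "cookies": {"session": "sess-alice"},
        "params": {"xfer_to": "attacker", "amount": "500"},
    }


if __name__ == "__main__":
    print("vulnerable:", xfer_vulnerable(forged_request()), BALANCES)
    print("hardened:  ", xfer_hardened(forged_request()), BALANCES)
```

The token must be unpredictable per session and checked with a constant-time comparison; SameSite cookie attributes add a second layer but do not replace the token, since they depend on browser support and on the cookie being set correctly.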

Question 40

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system, you notice that some Windows commands work normally while others do not. An example of this is shown in the picture below. Which of the following best describes why this is happening?

[Image: GPEN Question 40 screenshot (not reproduced)]

Options:

A.

Netcat cannot properly interpret certain control characters or Unicode sequences.

B.

The listener executed command.com instead of cmd.exe.

C.

Another application is already running on the port Netcat is listening on.

D.

The Netcat listener is running with system-level privileges.

Question 41

You are pen testing a system and want to use Metasploit 3.x to open a listening port on the system so you can access it via a netcat shell. Which stager would you use to have the system listen on TCP port 50000?

Options:

A.

reverse_tcp

B.

bind_tcp

C.

findtag_ord

D.

passivex

Question 42

Which Metasploit vncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?

Options:

A.

vncinject/find_tag

B.

vncinject/reverse_tcp

C.

vncinject/reverse_http

D.

vncinject/bind_tcp

Question 43

All of the following are advantages of using the Metasploit priv module for dumping hashes from a local Windows machine EXCEPT:

Options:

A.

Doesn't require SMB or NetBIOS access to the target machine

B.

Can run inside of a process owned by any user

C.

Provides less evidence for forensics investigators to recover

D.

LSASS-related reboot problems aren't an issue

Question 44

Identify the network activity shown below:

[Image: GPEN Question 44 network capture (not reproduced)]

Options:

A.

A sweep of available hosts on the local subnet

B.

A flood of the local switch's CAM table.

C.

An attempt to disassociate wireless clients.

D.

An attempt to impersonate the local gateway

Question 45

What is the purpose of the following command?

nc.exe -l -p 2222 -e cmd.exe

Options:

A.

It is used to start a persistent listener linked to cmd.exe on port 2222 TCP

B.

It is used to start a listener linked to cmd.exe on port 2222 TCP

C.

It is used to start a listener linked to cmd.exe on port 2222 UDP

D.

It is used to start a persistent listener linked to cmd.exe on port 2222 UDP

Question 46

You have been contracted to penetration test an e-mail server for a client that wants to know for sure whether the sendmail service is vulnerable to any known attacks. You have permission to run any type of test. How will you proceed to give the client the most valid answer?

Options:

A.

Run all known sendmail exploits against the server and see if you can compromise the service, even if it crashes the machine or service

B.

Run a banner-grabbing vulnerability checker to determine the sendmail version and patch level, then look up and report all the vulnerabilities that exist for that version and patch level

C.

Run all sendmail exploits that will not crash the server and see if you can compromise the service

D.

Log into the e-mail server and determine the sendmail version and patch level, then look up and report all the vulnerabilities that exist for that version and patch level

Question 47

While performing a code audit, you discover a SQL injection vulnerability. Assuming the following vulnerable query, what user input could be injected to make the query true and return data?

select * from widgets where name = '[user-input]';

Options:

A.

' or 1=1

B.

' or 1=1...

C.

' or 1=1--

D.

' or 1=1'
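
An added example, not from the original page: the vulnerable query from the question run against an in-memory SQLite table (the widgets rows are constructed) so the effect of each payload can be observed, next to the parameterized form that defeats all of them. The trailing semicolon in the page's query matters: a payload that does not comment it out leaves the string literal unterminated and the statement fails to parse, which is why only the `--` variant returns every row.

```python
"""The vulnerable query from Question 47, run against SQLite to compare payloads.

Added example; the widgets table and its rows are constructed for the demo.
"""
import sqlite3


def make_db():
    """In-memory table standing in for the audited application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table widgets (id integer primary key, name text, secret text)")
    conn.executemany("insert into widgets (name, secret) values (?, ?)",
                     [("sprocket", "s1"), ("cog", "s2"), ("flange", "s3")])
    return conn


def query_vulnerable(conn, user_input):
    """Builds the statement by string concatenation, exactly as in the question.
    Deliberately vulnerable: user input is parsed as SQL."""
    sql = "select * from widgets where name = '" + user_input + "';"
    return conn.execute(sql).fetchall()


def query_parameterized(conn, user_input):
    """Hardened form: the value is bound by the driver and never parsed as SQL,
    so a quote in the input is just a character in the compared string."""
    return conn.execute("select * from widgets where name = ?", (user_input,)).fetchall()


def try_payload(conn, payload):
    """Return ('rows', count) or ('error', message) so outcomes can be compared."""
    try:
        return "rows", len(query_vulnerable(conn, payload))
    except sqlite3.Error as exc:
        return "error", str(exc)


if __name__ == "__main__":
    conn = make_db()
    for payload in ["cog", "' or 1=1", "' or 1=1--", "' or 1=1'"]:
        print(repr(payload), "->", try_payload(conn, payload))
    print("parameterized with the injection string:",
          query_parameterized(conn, "' or 1=1--"))
```

With `' or 1=1--` the statement becomes `select * from widgets where name = '' or 1=1--';`: the comment swallows the closing quote and semicolon, `1=1` is always true, and every row comes back. The same string passed as a bound parameter matches no row, because it is compared as a literal name.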

Question 48

What problem occurs when executing the following command from within a netcat raw shell?

sudo cat /etc/shadow

Options:

A.

Sudo does not work at all from a shell

B.

Sudo works fine if the user and command are both in the /etc/sudoers file

C.

The display blanks after typing the sudo command

D.

You will not be able to type the password at the password prompt

Question 49

What concept do Rainbow Tables use to speed up password cracking?

Options:

A.

Fast Lookup Crack Tables

B.

Memory Swap Trades

C.

Disk Recall Cracking

D.

Time-Memory Trade-off
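
An added example, not from the original page: a toy rainbow table in Python over 4-digit PINs hashed with unsalted MD5, showing the trade-off in the answer. The table stores only chain endpoints (the memory side) and recomputes everything else during lookup (the time side). The password space, the position-dependent reduction function and the chain length are our choices, picked for readability rather than efficiency; the helper names are ours.

```python
"""Rainbow-table lookup in miniature: the time-memory trade-off of Question 49.

Added example; the password space (4-digit PINs, unsalted MD5), the reduction
function and the chain length are our choices, picked for readability.
"""
import hashlib

ALPHABET = "0123456789"
PIN_LEN = 4
SPACE = len(ALPHABET) ** PIN_LEN   # 10,000 candidates
CHAIN_LEN = 50                     # hashes recomputed per chain at lookup time


def h(password):
    """The unsalted hash the table attacks."""
    return hashlib.md5(password.encode()).hexdigest()


def reduce_to_pin(digest, position):
    """Map a digest back into the password space. Using a different function at
    each chain position (here: add the position) is what makes the table
    'rainbow' and limits chain merges."""
    n = (int(digest[:12], 16) + position) % SPACE
    return "".join(ALPHABET[(n // len(ALPHABET) ** i) % len(ALPHABET)]
                   for i in reversed(range(PIN_LEN)))


def chain_password(start, index):
    """The index-th password on the chain that begins at start (index 0 = start)."""
    pw = start
    for pos in range(index):
        pw = reduce_to_pin(h(pw), pos)
    return pw


def build_table(starts):
    """Memory side: keep only endpoint -> start points; everything in between is
    thrown away and recomputed when needed."""
    table = {}
    for start in starts:
        table.setdefault(chain_password(start, CHAIN_LEN), []).append(start)
    return table


def lookup(table, target):
    """Time side: for each possible chain position, walk the target forward to an
    endpoint; on a hit regenerate that chain from its start and return the
    password whose hash is target (None if no chain covers it)."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_to_pin(target, pos)
        for k in range(pos + 1, CHAIN_LEN):
            pw = reduce_to_pin(h(pw), k)
        for start in table.get(pw, []):          # may be a false alarm (merged chain)
            cand = start
            for k in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_to_pin(h(cand), k)
    return None


if __name__ == "__main__":
    table = build_table(["%04d" % i for i in range(0, SPACE, 97)])
    secret = "2718"
    print(f"stored {len(table)} endpoints for {CHAIN_LEN * len(table)} chain slots;"
          f" lookup of md5({secret}) -> {lookup(table, h(secret))}")
```

A table of N endpoints stands for roughly N × CHAIN_LEN hashes, at the cost of up to CHAIN_LEN² hash computations per lookup. The whole technique rests on the hash being unsalted: a per-user salt would require a separate table per salt value, which is the countermeasure.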

Question 50

Which of the following tools is used to verify the structure of network packets and confirm that the packets are constructed according to specification?

Options:

A.

snort_inline

B.

EtherApe

C.

Snort decoder

D.

AirSnort

Question 51

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the pre-attack phase to check the security of the We-are-secure network:

- Gathering information
- Determining the network range
- Identifying active systems

Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

Options:

A.

APNIC

B.

SuperScan

C.

RIPE

D.

ARIN

Question 52

Which of the following security policies will you implement to keep your data safe when you connect your laptop to the office network over IEEE 802.11 WLANs?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Using personal firewall software on your Laptop.

B.

Using a protocol analyzer on your Laptop to monitor for risks.

C.

Using a port scanner like nmap in your network.

D.

Using an IPSec enabled VPN for remote connectivity.

Question 53

Which of the following is the frequency range used by an IEEE 802.11a network?

Options:

A.

1.15-3.825 GHz

B.

5.15-5.825 GHz

C.

5.25-9.825 GHz

D.

6.25-9.825 GHz

Question 54

Fill in the blank with the appropriate act name.

The ____act gives consumers the right to ask emailers to stop spamming them.

Question 55

You want to use a Google search to find Microsoft Outlook Web Access default portals on the Internet so that you can perform a brute force attack and gain unauthorized access. What search string will you use to accomplish the task?

Options:

A.

intitle:index.of inbox dbx

B.

intext:"outlook.asp"

C.

allinurl:"exchange/logon.asp"

D.

intitle:"Index Of" -inurl:maillog maillog size

Question 56

In which layer of the OSI model does a sniffer operate?

Options:

A.

Network layer

B.

Session layer

C.

Presentation layer

D.

Data link layer

Question 57

Which of the following tools is based on the SATAN tool?

Options:

A.

Retina

B.

Internet scanner

C.

GFI LANguard

D.

SAINT

Exam Code: GPEN
Exam Name: GIAC Penetration Tester
Last Update: Jun 30, 2025
Questions: 385
