This page was exported from Best Free Exam Guide [ http://free.exams4sures.com ] Export date:Sat Mar 15 2:35:38 2025 / +0000 GMT ___________________________________________________ Title: Pass GIAC GPEN With Exams4sures Exam Dumps - Updated on Nov-2022 [Q177-Q196] --------------------------------------------------- Pass GIAC GPEN With Exams4sures Exam Dumps - Updated on Nov-2022 Fully Updated GPEN Dumps - 100% Same Q&A In Your Real Exam GIAC GPEN Exam Certification Details: Exam CodeGPENPassing Score75%Schedule ExamPearson VUESample QuestionsGIAC GPEN Sample QuestionsExam NameGIAC Penetration Tester (GPEN)Number of Questions82-115 How to book GPEN Exams In order to apply for the GPEN, You have to follow these steps Go to the GPEN Official SiteRead the instruction CarefullyFollow the given stepsApply for the GPEN   NO.177 You have been contracted to penetration test an e-mail server for a client that wants to know for sure if the sendmail service is vulnerable to any known attacks. You have permission to run any type of test, how will you proceed to give the client the most valid answer?  Run all known sendmail exploits against the server and see if you can compromisethe service, even if it crashed the machine or service  Run a banner grabbing vulnerability checker to determine the sendmail version andpatch level, then look up and report all the vulnerabilities that exist for that versionand patch level  Run all sendmail exploits that will not crash the server and see if you cancompromise the service  Log into the e-mail and determine the sendmail version and patch level, then lookup and report all the vulnerabilities that exist for that version and patch level Section: Volume AExplanationNO.178 How does OWASP ZAP function when used for performing web application assessments?  It is a non-transparent proxy that sits between your web browser and the targetapplication.  It is a transparent policy proxy that sits between Java servers and |SP web pages.  It is a non-transparent proxy that passively sniffs network traffic for HTTPvulnerabilities.  It is a transparent proxy that sits between a target application and the backenddatabase. NO.179 Which of the following techniques are NOT used to perform active OS fingerprinting?Each correct answer represents a complete solution. Choose all that apply.  Analyzing email headers  Sniffing and analyzing packets  ICMP error message quoting  Sending FIN packets to open ports on the remote system Section: Volume CNO.180 While performing an assessment on a banking site, you discover the following link:hnps://mybank.com/xfer.aspMer_toMaccount_number]&amount-[dollars]Assuming authenticated banking users can be lured to your web site, which crafted html tag may be used to launch a XSRF attack?  <imgsrc-“java script alert (‘document cookie’):”>  <scripi>alert(‘hnps:/’mybank.com/xfer.a$p?xfer_io-[attacker_account]&amoutn-[dollars]’)</script>  <scripr>document.write(‘hTtp$://mybankxom/xfer.a$p?xfer_to-[attacker.accountl& amount-[dollars)</script>  <img src-‘https/mybank.com/xfer.asp?xfer_to=[artacker_account]&amount= [dollars]”> NO.181 Given the following Scapy information, how is default Layer 2 information derived?  The default layer 2 information is contained in a local scapy.cfg configuration fileon the local system.  If not explicitly defined, the Ether type field value Is created using the hex value ofthe destination port, in this case 80  If not explicitly defined, pseudo-random values are generated for the Layer 2 defaultinformation.  Scapy relies on the underlying operating system to construct Layer 2 information touse as default. NO.182 Which of the following is NOT a valid DNS zone type?  Stub zone  Secondary zone  AlterNet zone  Primary zone Section: Volume DNO.183 Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?  Port 135 is filtered, port 139 is open.  Pons 135 and 139 are filtered.  Ports 139 and 135 are open.  Port 139 is closed, port 135 is open Section: Volume ANO.184 What concept do Rainbow Tables use to speed up password cracking?  Fast Lookup Crack Tables  Memory Swap Trades  Disk Recall Cracking  Time-Memory Trade-off Explanation/Reference:Reference:http://en.wikipedia.org/wiki/Space%E2%80%93time_tradeoffNO.185 You want to search Microsoft Outlook Web Access Default Portal using Google search on theInternet so that you can perform the brute force attack and get unauthorized access. What search string will you use to accomplish the task?  intitle:index.of inbox dbx  intext:”outlook.asp”  allinurl:”exchange/logon.asp”  intitle:”Index Of” -inurl:maillog maillog size NO.186 The scope of your engagement is to include a target organization located in California with a /24 block of addresses that they claim to completely own. Which site could you utilize to confirm that you have been given accurate information before starting reconnaissance activities?  www.whois.net  www.arin.nei  www.apnic.net  www.ripe.net Section: Volume BNO.187 LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to the Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password seven characters or less, the second half of the LM hash is always __________.  0xAAD3B435B51404EE  0xBBD3B435B51504FF  0xBBC3C435C51504EF  0xAAD3B435B51404FF NO.188 You are performing a vulnerability assessment using Nessus and your clients printers begin printing pages of random text and showing error messages. The client is not happy with the situation. What is the best way to proceed?  Enable the “Skip all primers” option and re-scan  Ensure Safe Checks is enabled in Nessus scan policies  Remove primer IP addresses from your target list  Verify primers are in scope and tell the client In progress scans cannot be stopped Section: Volume ANO.189 Which of the following is the second half of the LAN manager Hash?  0xAAD3B435B51404BB  0xAAD3B435B51404CC  0xAAD3B435B51404EE  0xAAD3B435B51404AA Section: Volume DNO.190 You run the following command while using Nikto Web scanner:perl nikto.pl -h 192.168.0.1 -p 443What action do you want to perform?  Updating Nikto.  Seting Nikto for network sniffing.  Port scanning.  Using it as a proxy server. Section: Volume CNO.191 Which of the following statements are true about MS-CHAPv2?Each correct answer represents a complete solution. Choose all that apply.  It is a connectionless protocol.  It can be replaced with EAP-TLS as the authentication mechanism for PPTP.  It provides an authenticator-controlled password change mechanism.  It is subject to offline dictionary attacks. NO.192 Analyze the command output below, what action is being performed by the tester?  Displaying a Windows SAM database  Listing available workgroup services  Discovering valid user accounts  Querying locked out user accounts Section: Volume ANO.193 Which of the following is a tool for SSH and SSL MITM attacks?  Ettercap  Cain  Dsniff  AirJack NO.194 A client has asked for a vulnerability scan on an internal network that does not have internet access. The rules of engagement prohibits any outside connection for the Nessus scanning machine. The customer has asked you to scan for a new critical vulnerability, which was released after the testing started, winch of the following methods of updating the Nessus plugins does not violate the rules of engagement?  Connect the scanning machine via wireless bridge and download the updateddirectly  Change the routing and connect through an alternative gateway  Proceed with the test and note the limitation of updating the plugins  Download the updates on an alternative machine and manually load on scanningmachine Section: Volume ANO.195 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: Which of the following tools is John using to crack the wireless encryption keys?  AirSnort  PsPasswd  Cain  Kismet NO.196 The employees of EWS Inc. require remote access to the company’s Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?Each correct answer represents a complete solution. Choose all that apply.  It is supported by all manufacturers of wireless LAN hardware and software.  It uses a public key certificate for server authentication.  It uses password hash for client authentication.  It provides a moderate level of security. Section: Volume C Loading … GPEN Test Structure The GIAC GPEN certification exam includes 82 to 115 questions. The vendor doesn't give details on how the questions are structured. Thus, the applicants should be ready to solve variously-formatted inquiries. As for the time limit, the candidates will have 3 hours to answer a minimum of 75% of all questions. Also, this is a proctored exam. So, the test-takers will need to follow some rules before they can take it. In particular, they need to send an application to the vendor's site and wait for the evaluation team to check it. Once you get their reply, if you are accepted, you can proceed to pay the registration fee and take the final exam. Its value is $1,999.   Latest GPEN Exam Dumps - Valid and Updated Dumps: https://www.exams4sures.com/GIAC/GPEN-practice-exam-dumps.html --------------------------------------------------- Images: https://free.exams4sures.com/wp-content/plugins/watu/loading.gif https://free.exams4sures.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-11-30 15:51:01 Post date GMT: 2022-11-30 15:51:01 Post modified date: 2022-11-30 15:51:01 Post modified date GMT: 2022-11-30 15:51:01