GPEN Exam Info and Free Practice Test All-in-One Exam Guide Dec-2023 [Q186-Q210] | DumpsMaterials

  • Home
  • Articles
  • GPEN Exam Info and Free Practice Test All-in-One Exam Guide Dec-2023 [Q186-Q210]

GPEN Exam Info and Free Practice Test All-in-One Exam Guide Dec-2023 [Q186-Q210]

Share

GPEN Exam Info and Free Practice Test All-in-One Exam Guide Dec-2023

Pass GIAC GPEN Actual Free Exam Q&As Updated Dump Dec 26, 2023


The primary objective of the GPEN exam is to evaluate the knowledge, skills, and abilities of cybersecurity professionals in performing penetration testing activities. GPEN exam covers a wide range of topics, such as information gathering, vulnerability scanning, network and web application penetration testing, exploitation, post-exploitation, and reporting. GPEN exam also demands the candidates to have a solid understanding of ethical hacking methodologies, tools, and techniques.


The GPEN certification exam is designed for professionals with experience in information security, incident response, and penetration testing. It is a vendor-neutral exam that evaluates a candidate's knowledge of penetration testing methodologies, tools, and techniques. By obtaining this certification, professionals can demonstrate their ability to perform real-world penetration testing tasks and deliver valuable recommendations that improve an organization's security posture.

 

NEW QUESTION # 186
In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

  • A. Session sidejacking
  • B. ARP spoofing
  • C. Cross-site scripting
  • D. Session fixation

Answer: A

Explanation:
Section: Volume B


NEW QUESTION # 187
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the Wearesecure server. Which of the following are countermeasures against a brute force attack?
Each correct answer represents a complete solution. Choose all that apply.

  • A. The site should increase the encryption key length of the password.
  • B. The site should force its users to change their passwords from time to time.
  • C. The site should use CAPTCHA after a specific number of failed login attempts.
  • D. The site should restrict the number of login attempts to only three times.

Answer: C,D


NEW QUESTION # 188
Which of the following IEEE standards defines Wired Equivalent Privacy encryption scheme?

  • A. 802.11g
  • B. 802.11a
  • C. 802.15
  • D. 802.11b

Answer: D


NEW QUESTION # 189
How many bits does SYSKEY use for encryption?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C


NEW QUESTION # 190
Which of the following methods can be used to detect session hijacking attack?

  • A. Brutus
  • B. ntop
  • C. sniffer
  • D. nmap

Answer: C


NEW QUESTION # 191
Joseph works as a Network Administrator for WebTech Inc. He has to set up a centralized area on the network so that each employee can share resources and documents with one another. Which of the following will he configure to accomplish the task?

  • A. WEP
  • B. Extranet
  • C. Intranet
  • D. VPN

Answer: C


NEW QUESTION # 192
Which of the following tools can be used for cracking the password of Server Message Block (SMB)?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Pwddump2
  • B. KrbCrack
  • C. L0phtCrack
  • D. SMBRelay

Answer: C,D


NEW QUESTION # 193
John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit.
John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Dictionary attack
  • B. Hybrid attack
  • C. Brute Force attack
  • D. Rule based attack

Answer: A,B,C

Explanation:
Section: Volume C


NEW QUESTION # 194
You want to run the nmap command that includes the host specification of 202.176.56-57.*. How many hosts will you scan?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
Section: Volume D


NEW QUESTION # 195
Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

  • A. SARA
  • B. Nmap
  • C. Whishker
  • D. Nessus

Answer: D


NEW QUESTION # 196
You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a project to test the security of the Bluehill Inc. For this, you start monitoring the network traffic of the Bluehill Inc.
In this process, you get that there are too many FTP packets traveling in the Bluehill Inc. network.
Now, you want to sniff the traffic and extract usernames and passwords of the FTP server. Which of the following tools will you use to accomplish the task?

  • A. SARA
  • B. NetStumbler
  • C. L0phtcrack
  • D. Ettercap

Answer: D

Explanation:
Section: Volume B


NEW QUESTION # 197
In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

  • A. XMAS
  • B. TCP SYN
  • C. FTP bounce
  • D. TCP FIN

Answer: D


NEW QUESTION # 198
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?

  • A. RPC
  • B. TCP SYN/ACK
  • C. UDP
  • D. IDLE

Answer: D

Explanation:
Section: Volume C


NEW QUESTION # 199
You are pen testing a Windows system remotely via a raw netcat shell. You want to quickly change directories to where the Windows operating system resides, what command could you use?

  • A. cd systemroot
  • B. cd /systemroot/
  • C. cd %systemroot%
  • D. cd-

Answer: D


NEW QUESTION # 200
How can web server logs be leveraged to perform Cross-Site Scripting (XSSI?

  • A. XSS attacks cause web logs to become unreadable and therefore are an effective DOS attack.
  • B. When web logs are viewed in a terminal. XSS can escape to the shell and executecommands.
  • C. Web logs containing XSS may execute shell scripts when opened In a GUI textbrowser
  • D. If web logs are viewed in a web-based console, log entries containing XSS mayexecute on the browser.

Answer: D


NEW QUESTION # 201
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?

  • A. Privilege Escalation
  • B. Bluesnarfing
  • C. Session Hijacking
  • D. PDA Hijacking

Answer: B


NEW QUESTION # 202
__________ firewall architecture uses two NICs with a screening router inserted between the host and the untrusted network.

  • A. Screened host
  • B. Dual homed host
  • C. Screened subnet
  • D. packet filtering

Answer: A


NEW QUESTION # 203
While scanning a remote system that is running a web server with a UDP scan and monitoring the scan with a sniffer, you notice that the target is responding with ICMP Port Unreachable only once a second What operating system is the target likely running?

  • A. Windows
  • B. Linux
  • C. Mac OS X
  • D. OpenBSD

Answer: B


NEW QUESTION # 204
What is the MOST important document to obtain before beginning any penetration testing?

  • A. Project plan
  • B. A written statement of permission
  • C. Exceptions document
  • D. Project contact list

Answer: A

Explanation:
Reference:
Before starting a penetration test, all targets must be identified. These targets should be obtained from the customer during the initial questionnaire phase. Targets can be given in the form of specific IP addresses, network ranges, or domain names by the customer. In some instances, the only target the customer provides is the name of the organization and expects the testers be able to identify the rest on their own. It is important to define if systems like firewalls and IDS/IPS or networking equipment that are between the tester and the final target are also part of the scope. Additional elements such as upstream providers, and other 3rd party providers should be identified and defined whether they are in scope or not.


NEW QUESTION # 205
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?

  • A. Kismet
  • B. NetStumbler
  • C. WEPCrack
  • D. Snadboy's Revelation

Answer: A


NEW QUESTION # 206
John works as a Professional Ethical Hacker for we-are-secure Inc. The company is using a Wireless network. John has been assigned the work to check the security of WLAN of wearesecure.
For this, he tries to capture the traffic, however, he does not find a good traffic to analyze data. He has already discovered the network using the ettercap tool. Which of the following tools can he use to generate traffic so that he can crack the Wep keys and enter into the network?

  • A. Netstumbler
  • B. AirSnort
  • C. ICMP ping flood tool
  • D. Kismet

Answer: C


NEW QUESTION # 207
Which of the following worms performs random scanning?

  • A. Klez
  • B. SirCam
  • C. BugBear
  • D. Code red worm

Answer: D

Explanation:
Section: Volume D
Explanation/Reference:


NEW QUESTION # 208
You work as a Network Administrator for McNeil Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients. You are required to accomplish the following tasks:
* The wireless network communication should be secured.
* The laptop users should be able to use smart cards for getting authenticated.
* n order to accomplish the tasks, you take the following steps:
* Configure 802.1x and WEP for the wireless connections.
* Configure the PEAP-MS-CHAP v2 protocol for authentication.
What will happen after you have taken these steps?

  • A. The laptop users will be able to use smart cards for getting authenticated.
  • B. Both tasks will be accomplished.
  • C. The wireless network communication will be secured.
  • D. None of the tasks will be accomplished

Answer: C


NEW QUESTION # 209
Which of the following is the JavaScript variable used to store a cookie?

  • A. Browsercookie
  • B. Windowcookie
  • C. Document cookie
  • D. Session cookie

Answer: C

Explanation:
Explanation/Reference:
Reference:
http://www.w3schools.com/js/js_cookies.asp


NEW QUESTION # 210
......

Online Questions - Valid Practice GPEN Exam Dumps Test Questions: https://www.dumpsmaterials.com/GPEN-real-torrent.html

Latest GPEN Actual Free Exam Updated 405 Questions: https://drive.google.com/open?id=1-bHB2hS9LPJW0LFNBsmMwHony53LKXkM

Related Articles

more
GIAC GPEN Certification Practice Exam

DumpsMaterials dumps materials and dumps PDF will be your best choice. Please rest assured that our dumps materials and study materials will help you pass exams surely.

Latest Dumps Materials

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 DumpsMaterials NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy