Free GPEN pdf Files With Updated and Accurate Dumps Training [Q107-Q128]

4.2/5 - (4 votes)

Free GPEN pdf Files With Updated and Accurate Dumps Training

Top-Class GPEN Question Answers Study Guide

Topics of GPEN Exam

Candidates must know the exam topics before they start of preparation. Because it will really help them in hitting the core. Our GPEN exam dumps will include the following topics:

Pentesting process
Vulnerability scanning
Pentesting foundations
Metasploit
Web application attacks
Initial target scanning
Pentesting using PowerShell
Password attacks
Exploitation fundamentals
enetration testing using the Windows command line
Reconnaissance
Scanning for targets
Web application reconnaissance
Advanced password attacks

QUESTION 107
You are pen testing a system and want to use Metasploit 3.X to open a listening port on the system so you can access it via a netcat shell. Which stager would you use to have the system listen on TCP port 50000?

Reverse.tcp

Bind.tcp

Fincltag.ord

Passivex

QUESTION 108
Which of the following are countermeasures to prevent unauthorized database access attacks?
Each correct answer represents a complete solution. Choose all that apply.

Removing all stored procedures

Input sanitization

Applying strong firewall rules

Session encryption

QUESTION 109
You are pen testing a Windows system remotely via a raw netcat shell. You want to get a listing of all the local users in the administrators group, what command would you use?

Net account administrators

Net user administrators

Net localgroup administrators

Net localuser administrators

QUESTION 110
Which of the following is the feature that separates the use of Rainbow Tables from other applications such as Cain or John the Ripper?

Salts are used to create massive password databases for comparison.

Applications take advantage of 64-bit CPU processor and multithread the crackingprocess.

Data Is aligned efficiently in the rainbow tables making the search process quicker

Raw hashed passwords are compared to pre-calculated hash tables.

QUESTION 111
Analyze the command output below. Given this information, which is the appropriate next step for the tester?
Starting Nmap4.53 (hnp://insecure.org I at2010-09-30 19:13 EDT interesting ports on 192.163.116.101:
PORT STATE SERVICE
130/tcp filtered cisco-fna
131/tcp filtered cisco-tna
132/tcp filtered cisco-sys
133/tcp filtered statsrv
134/tcp filtered Ingres-net
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp open netbios-ssn
140/tcp filtered emfis-data
MAC Address: 00:30:1&:B8:14:8B (Shuttle)
warning: OSS can results may be unreliable because we could not find at least l open and l closed port Device type, general purpose Running: Microsoft Windows XP OS details: Microsoft Windows XP SP2 Network Distance : 1 hop Nmap done: I IP address (I host up) scanned in l .263 seconds

Determine the MAC address of the scanned host.

Send a single SYN packet to port 139/tcp on the host.

Send spoofed packets to attempt to evade any firewall

Request a list of shares from the scanned host.

QUESTION 112
Which of the following is a method of gathering user names from a Linux system?

Displaying the owner information of system-specific binaries

Reviewing the contents of the system log files

Gathering listening services from the xinetd configuration files

Extracting text strings from the system password file

QUESTION 113
Which of the following can be used as a countermeasure to the rainbow password attack?

Using salt in the password

Using alphanumeric characters

Using hashed password

Using 8 character password

QUESTION 114
You run the following bash script in Linux:
for i in ‘cat hostlist.txt’ ;do nc -q 2 -v $i 80 < request.txt done where, hostlist.txt file contains the list of IP addresses and request.txt is the output file.
Which of the following tasks do you want to perform by running this script?

You want to perform port scanning to the hosts given in the IP address list.

You want to transfer file hostlist.txt to the hosts given in the IP address list.

You want to perform banner grabbing to the hosts given in the IP address list.

You want to put nmap in the listen mode to the hosts given in the IP address list.

QUESTION 115
Identify the network activity shown below;

A sweep of available hosts on the local subnet

A flood of the local switch’s CAM table.

An attempt to disassociate wireless clients.

An attempt to impersonate the local gateway

QUESTION 116
Which of the following is a WEP weakness that makes it easy to Inject arbitrary clear text packets onto a WEP network?

Reversible hashes use for IVs

Cryptographically weak CRC32 checksum

RC4 algorithm

Small key space

QUESTION 117
Which of the following options holds the strongest password?

Joe12is23good

$#164aviD^%

california

Admin1234

QUESTION 118
Which of the following is the frequency range to tune IEEE 802.11a network?

1.15-3.825 GHz

5.15-5.825 GHz

5.25-9.825 GHz

6.25-9.825 GHz

QUESTION 119
Which of the following is the most common method for an attacker to spoof email?

Back door

Replay attack

Man in the middle attack

Open relay

QUESTION 120
You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing.
Recently, your company has assigned you a project to test the security of the we-aresecure. com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless whether the ports are open or close. Sometimes, IPID is being incremented by more than one value. What may be the reason?

The zombie computer is the system interacting with some other system besides your comp uter.

The firewall is blocking the scanning process.

The zombie computer is not connected to the we-are-secure.com Web server.

Hping does not perform idle scanning.

QUESTION 121
You have compromised a Windows XP system and Injected the Meterpreter payload into the lsass process. While looking over the system you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

Use the getuid command to determine the user context the process is runningunder, then use the imp command to impersonate that user.

use the getpid command to determine the user context the process is runningunder, then use the Imp command to impersonate that user.

Use the execute command to the passmgr executable. That will give you access to the file.

Use the migrate command to jump to the passmgr process. That will give you accessto the file.

QUESTION 122
You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing.
Recently, your company has assigned you a project to test the security of the we-aresecure. com network.
Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability?
Each correct answer represents a complete solution. Choose two.

Close port TCP 53.

Change the default community string names.

Upgrade SNMP Version 1 with the latest version.

Install antivirus.

QUESTION 123
While performing a code audit, you discover a SQL injection vulnerability assuming the following vulnerable query, what user input could be injected to make the query true and return data?
select * from widgets where name = ‘[user-input]’;

‘or 1=1

‘or l=l…

‘or 1=1–

‘or l=1’

QUESTION 124
Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

Application layer

Link layer

Internet layer

Transport Layer

QUESTION 125
A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation which failed. Which of the following could resolve the problem?

Load priv module and try getsystem again

Run getuid command, then getpriv command, and try getsystem again

Run getuid command and try getsystem again

Use getprivs command instead of getsystem

QUESTION 126
Which of the following tools can be used by a user to hide his identity?
Each correct answer represents a complete solution. Choose all that apply.

IPchains

Rootkit

Proxy server

War dialer

Anonymizer

QUESTION 127
Which of the following tools can be used to perform brute force attack on a remote database?
Each correct answer represents a complete solution. Choose all that apply.

FindSA

SQLDict

nmap

SQLBF

QUESTION 128
When attempting to crack a password using Rainbow Tables, what is the output of the reduction function?

A new potential chain

A new potential table

A new potential password

A new potential hash