GIAC Certified Penetration Tester (GPEN) Free Practice Test

Question 1

A client has asked for a vulnerability scan on an internal network that does not have internet access. The rules of engagement prohibits any outside connection for the Nessus scanning machine. The customer has asked you to scan for a new critical vulnerability, which was released after the testing started, winch of the following methods of updating the Nessus plugins does not violate the rules of engagement?

A. Proceed with the test and note the limitation of updating the plugins

B. Connect the scanning machine via wireless bridge and download the updateddirectly

C. Change the routing and connect through an alternative gateway

D. Download the updates on an alternative machine and manually load on scanningmachine

Correct Answer: D

Question 2

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a __________.

A. Replay attack

B. Dictionary attack

C. Land attack

D. SQL injection attack

Correct Answer: D

Question 3

A junior penetration tester at your firm is using a non-transparent proxy for the first time to test a web server. He sees the web site In his browser but nothing shows up In the proxy. He tells you that he just installed the non-transparent proxy on his computer and didn't change any defaults.
After verifying the proxy is running, you ask him to open up his browser configuration, as shown in the figure, which of the following recommendations will correctly allow him to use the transparent proxy with his browser?

A. He should change the PORT: value to match the port used by the non-transparentproxy.

B. He should select the checkbox "use this proxy server for all protocols" for theproxy to function correctly.

C. He should select NO PROXY instead of MANUAL PROXY CONFIGURATION as thissetting is only necessary to access the Internet behind protected networks.

D. He should change the HTTP PROXY value to 127.0.0.1 since the non-transparentproxy is running on the same machine as the browser.

Correct Answer: D

Question 4

How can a non-privileged user on a Unix system determine if shadow passwords are being used?

A. Read /etc/shadow and look for "x" or "II" in the second colon-delimited field

B. Read /etc/password and look for "x" or "II" in the second colon-delimited field

C. Read /etc/shadow and look NULL values In the second comma delimited field

D. Verify that /etc/password has been replaced with /etc/shadow

Correct Answer: A

Question 5

Which of the following scanning methods is most accurate and reliable, although it is easily detectable and hence avoided by a hacker?

A. TCP SYN/ACK

B. TCP half-open

C. Xmas Tree

D. TCP FIN

Correct Answer: A

Question 6

Which of the following can be used as a countermeasure to the rainbow password attack?

A. Using 8 character password

B. Using alphanumeric characters

C. Using salt in the password

D. Using hashed password

Correct Answer: C

Question 7

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He enters a single quote in the input field of the login page of the Weare- secure Web site and receives the following error message:
Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'
This error message shows that the We-are-secure Website is vulnerable to __________.

A. A SQL injection attack

B. A buffer overflow

C. A Denial-of-Service attack

D. An XSS attack

Correct Answer: A

Question 8

Which of the following tools is an example of HIDS?

A. Auditpol.exe

B. Elsave

C. Anti-Spector

D. Log File Monitor

Correct Answer: D

Question 9

Why is it important to have a cheat sheet reference of database system tables when performing SQL Injection?

A. The information in these tables will reveal details about the web application's code.

B. This is where sites typically store sensitive information such as credit card numbers.

C. These tables contain metadata that can be queried to gain additional helpful information.

D. These tables contain a list of allowed database applications

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

You want to search the Apache Web server having version 2.0 using google hacking. Which of the following search queries will you use?

A. intitle:Sample.page.for.Apache Apache.Hook.Function

B. intitle:"Test Page for Apache Installation" "You are free"

C. intitle:test.page "Hey, it worked !" "SSl/TLS aware"

D. intitle:"Test Page for Apache Installation" "It worked!"

Correct Answer: A

Question 11

Which of the following is the JavaScript variable used to store a cookie?

A. Browsercookie

B. Session cookie

C. Windowcookie

D. Document cookie

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

Which of the following tasks is NOT performed into the enumeration phase?

A. Obtaining Active Directory information and identifying vulnerable user accounts

B. Establishing NULL sessions and queries

C. Injecting a backdoor to the remote computer to gain access in it remotely

D. Discovering NetBIOS names

Correct Answer: C

Question 13

Which of the following is the second half of the LAN manager Hash?

A. 0xAAD3B435B51404AA

B. 0xAAD3B435B51404CC

C. 0xAAD3B435B51404EE

D. 0xAAD3B435B51404BB

Correct Answer: C

Question 14

Which of the following attacks can be overcome by applying cryptography?

A. DoS

B. Web ripping

C. Buffer overflow

D. Sniffing

Correct Answer: D

Welcome to TestSimulate

GIAC Certified Penetration Tester (GPEN) Free Practice Test