GIAC Penetration Tester: GPEN Exam
GPEN Questions & Answers
Exam Code: GPEN
Exam Name: GIAC Penetration Tester
Q & A: 384 Q&As
QUESTION 1
Which of the following are the scanning methods used in penetration testing?
Each correct answer represents a complete solution. Choose all that apply.
A. Vulnerability
B. Port
C. Network
D. Services
Answer: ABC
QUESTION 2
An executive in your company reports odd behavior on her PDA. After investigation you discover
that a trusted device is actually copying data off the PDA. The executive tells you that the
behavior started shortly after accepting an e-business card from an unknown person. What type
of attack is this?
A. Session Hijacking
B. PDA Hijacking
C. Privilege Escalation
D. Bluesnarfing
Answer: D
QUESTION 3
John works as a professional Ethical Hacker. He has been assigned a project to test the security
of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the
local disk and obtains all the files on the Web site. Which of the following techniques is he using
to accomplish his task?
A. TCP FTP proxy scanning
B. Eavesdropping
C. Web ripping
D. Fingerprinting
Answer: C
QUESTION 4
Which of the following statements is true about the Digest Authentication scheme?
A. In this authentication scheme, the username and password are passed with every request,
not just when the user first types them.
B. A valid response from the client contains a checksum of the username, the password, the
given random value, the HTTP method, and the requested URL.
C. The password is sent over the network in clear text format.
D. It uses the base64 encoding encryption scheme.
Answer: B
QUESTION 5
Which of the following tools is used to verify the network structure packets and confirm that the
packets are constructed according to specification?
A. EtherApe
B. Snort decoder
C. AirSnort
D. snort_inline
Answer: B
QUESTION 6
Which of the following is NOT an example of passive footprinting?
A. Scanning ports.
B. Analyzing job requirements.
C. Performing the whois query.
D. Querying the search engine.
Answer: A
QUESTION 7
You work as a Network Administrator for Infosec Inc. Nowadays, you are facing an unauthorized
access in your Wi-Fi network. Therefore, you analyze a log that has been recorded by your
favorite sniffer, Ethereal. You are able to discover the cause of the unauthorized access after
noticing the following string in the log file:
(Wlan.fc.type_subtype eq 32 and llc.oui eq 0x00601d and llc.pid eq 0x0001)
When you find All your 802.11b are belong to us as the payload string, you are convinced about
which tool is being used for the unauthorized access. Which of the following tools have you
ascertained?
A. AirSnort
B. Kismet
C. AiroPeek
D. NetStumbler
Answer: D
QUESTION 8
Which of the following options holds the strongest password?
A. california
B. $#164aviD^%
C. Admin1234
D. Joe12is23good
Answer: B
QUESTION 9
Which of the following encryption modes are possible in WEP?
Each correct answer represents a complete solution. Choose all that apply.
A. No encryption
B. 256 bit encryption
C. 128 bit encryption
D. 40 bit encryption
Answer: ACD
QUESTION 10
Which of the following tools can be used to perform brute force attack on a remote database?
Each correct answer represents a complete solution. Choose all that apply.
A. FindSA
B. SQLDict
C. nmap
D. SQLBF
Answer: ABD
…go to http://www.lead2pass.com/gpen.html to download the lastest full version.