This page was exported from Testking Free Dumps [ http://blog.testkingfree.com ] Export date:Thu Jan 16 18:48:07 2025 / +0000 GMT ___________________________________________________ Title: Unique Top-selling GPEN Exams - New 2022 GIAC Pratice Exam [Q120-Q143] --------------------------------------------------- Unique Top-selling GPEN Exams - New 2022 GIAC Pratice Exam GIAC Information Security Dumps GPEN Exam for Full Questions - Exam Study Guide For more info visit: GPEN Exam Reference   NO.120 You work as a Network Administrator for Tech-E-book Inc. You are configuring the ISA Server2006 firewall to provide your company with a secure wireless intranet. You want to accept inbound mail delivery though an SMTP server. What basic rules of ISA Server do you need to configure to accomplish the task.  Network rules  Publishing rules  Mailbox rules  Access rules NO.121 You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet session. You have also searched an active session due to the high level of traffic on the network.What should you do next?  Use a sniffer to listen network traffic.  Guess the sequence numbers.  Use brutus to crack telnet password.  Use macoff to change MAC address. NO.122 Which of the following IEEE standards defines Wired Equivalent Privacy encryption scheme?  802.15  802.11b  802.11a  802.11g Section: Volume DNO.123 Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?  A3-07-B9-E3-BC-F9  F936.28A1.5BCD.DEFA  1011-0011-1010-1110-1100-0001  132.298.1.23 Section: Volume CNO.124 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:Which of the following tools is John using to crack the wireless encryption keys?  Cain  Kismet  AirSnort  PsPasswd NO.125 Which of the following is a Windows-based tool that is used for the detection of wireless LANs using the IEEE802.11a, 802.11b, and 802.11g standards and also detects wireless networks marking their relative position with a GPS?  Ettercap  Tcpdump  Kismet  NetStumbler Section: Volume CNO.126 Which of the following methods can be used to detect session hijacking attack?  ntop  Brutus  nmap  sniffer Section: Volume CNO.127 John works as a Professional Ethical Hacker for we-are-secure Inc. The company is using a Wireless network.John has been assigned the work to check the security of WLAN of we-aresecure.For this, he tries to capture the traffic, however, he does not find a good traffic to analyze data. He has already discovered the network using the ettercap tool. Which of the following tools can he use to generate traffic so that he can crack the Wep keys and enter into the network?  ICMP ping flood tool  Kismet  Netstumbler  AirSnort Section: Volume CNO.128 Which of the following is the second half of the LAN manager Hash?  0xAAD3B435B51404BB  0xAAD3B435B51404CC  0xAAD3B435B51404EE  0xAAD3B435B51404AA Section: Volume DNO.129 A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation which failed. Which of the following could resolve the problem?  Load priv module and try getsystem again  Run getuid command, then getpriv command, and try getsystem again  Run getuid command and try getsystem again  Use getprivs command instead of getsystem NO.130 Which of the following tools can be used to enumerate networks that have blocked ICMP Echo packets, however, failed to block timestamp or information packet or not performing sniffing of trusted addresses, and it also supports spoofing and promiscuous listening for reply packets?  Nmap  Zenmap  Icmpenum  Nessus NO.131 Which of the following are considered Bluetooth security violations?Each correct answer represents a complete solution. Choose two.  Cross site scripting attack  SQL injection attack  Bluesnarfing  Bluebug attack  Social engineering NO.132 Which of following tasks can be performed when Nikto Web scanner is using a mutation technique?Each correct answer represents a complete solution. Choose all that apply.  Guessing for password file names.  Sending mutation payload for Trojan attack.  Testing all files with all root directories.  Enumerating user names via Apache. Section: Volume BNO.133 You are concerned about rogue wireless access points being connected to your network. What is the best way to detect and prevent these?  Site surveys  Protocol analyzers  Network anti-spyware software  Network anti-virus software NO.134 You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent backdoor you realize that you will need to change the modified and access times of the files to ensure that the administrator can’t see the changes you made. Which Meterpreter module would you need to load in order to do this?  Core  Priv  Stdapi  Browser NO.135 Which of the following tools allows you to download World Wide Web sites from the Internet to a local computer?  Netcraft  HTTrack  Netstat  Cheops-ng Section: Volume CNO.136 Which of the following is NOT an example of passive footprinting?  Scanning ports.  Analyzing job requirements.  Querying the search engine.  Performing the whois query. Section: Volume DExplanation/Reference:NO.137 Which of the following syntaxes is the correct syntax for the master.dbo.sp_makewebtask procedure?  sp_makewebtask [@inputfile =] ‘inputfile’, [@query =] ‘query’  sp_makewebtask [@outputfile =] ‘outputfile’, [@query =] ‘query’  sp_makewebtask [@query =] ‘query’, [@inputfile =] ‘inputfile’  sp_makewebtask [@query =] ‘query’, [@outputfile =] ‘outputfile’ NO.138 Which of the following is possible in some SQL injection vulnerabilities on certain types of databases that affects the underlying server OS?  Database structure retrieval  Shell command execution  Data manipulation  Data query capabilities Explanation/Reference:Reference:http://www.darkmoreops.com/2014/08/28/use-sqlmap-sql-injection-hack-website-database/NO.139 You are running a vulnerability scan on a remote network and the traffic Is not making It to the target system. You investigate the connection issue and determine that the traffic is making it to the internal interface of your network firewall, but not making. It to the external Interface or to any systems outside your firewall. What is the most likely problem?  Your network firewall is blocking the traffic  The NAT or pat tables on your network based firewall are filling up and droppingthe traffic  A host based firewall is blocking the traffic  Your ISP Is blocking the traffic NO.140 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:Which of the following tools is John using to crack the wireless encryption keys?  AirSnort  PsPasswd  Cain  Kismet Section: Volume BNO.141 Which of the following worms performs random scanning?  BugBear  SirCam  Code red worm  Klez Section: Volume DNO.142 Which of the following tools can be used by a user to hide his identity?Each correct answer represents a complete solution. Choose all that apply.  IPchains  Rootkit  Proxy server  War dialer  Anonymizer NO.143 Which of the following describe the benefits to a pass-the-hash attack over traditional password cracking?  No triggering of IDS signatures from the attack privileges at the level of theacquired password hash and no corruption of the LSASS process.  No triggering of IDS signatures from the attack, no account lockout and use ofnative windows file and print sharing tools on the compromised system.  No account lockout, privileges at the level of the acquired password hash and useof native windows file and print Sharif tools on the compromised system.  No account lockout, use of native file and print sharing tools on the compromisedsystem and no corruption of the LSASS process. Section: Volume A Loading … Best way to practice test for GIAC GPEN: https://www.testkingfree.com/GIAC/GPEN-practice-exam-dumps.html --------------------------------------------------- Images: https://blog.testkingfree.com/wp-content/plugins/watu/loading.gif https://blog.testkingfree.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-06-25 11:06:08 Post date GMT: 2022-06-25 11:06:08 Post modified date: 2022-06-25 11:06:08 Post modified date GMT: 2022-06-25 11:06:08