1. Home
  2. GIAC
  3. Security Administration
  4. GPEN
  5. GIAC Penetration Tester Questions and Answers

Pass the GIAC Security Administration GPEN Questions and answers with CertsForce

 GIAC Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 12 pages
Viewing questions 21-30 out of questions
Questions # 21:

Which of the following is possible in some SQL injection vulnerabilities on certain types of databases that affects the underlying server OS?

Options:
A.

Database structure retrieval

B.

Shell command execution

C.

Data manipulation

D.

Data query capabilities

Expert Solution
Questions # 22:

When attempting to crack a password using Rainbow Tables, what is the output of the reduction function?

Options:
A.

A new potential chain

B.

A new potential table

C.

A new potential password

D.

A new potential hash

Expert Solution
Questions # 23:

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

Options:
A.

The source computer sends SYN and the destination computer responds with RST

B.

The source computer sends SYN-ACK and no response Is received from the destination computer

C.

The source computer sends SYN and no response is received from the destination computer

D.

The source computer sends SYN-ACK and the destination computer responds with RST-ACK

E.

A,B and C

F.

A and C

G.

C and D

Expert Solution
Questions # 24:

If the privacy bit is set in the 802.11 header, what does it indicate?

Options:
A.

SSID cloaking is being used.

B.

Some form of encryption is In use.

C.

WAP is being used.

D.

Some form of PEAP is being used.

Expert Solution
Questions # 25:

You are pen testing a Linux target from your windows-based attack platform. You just moved a script file from the windows system to the Linux target, but it will not execute properly. What is the most likely problem?

Options:
A.

The byte length is different on the two machines

B.

End of-line characters are different on the two machines

C.

The file must have become corrupt during transfer

D.

ASCII character sets are different on the two machines

Expert Solution
Questions # 26:

Which Metasploit payload includes simple upload and download functionality for moving files to and from compromised systems?

Options:
A.

DLL inject

B.

Upexec

C.

Meterpreter

D.

Vncinject

Expert Solution
Questions # 27:

What section of the penetration test or ethical hacking engagement final report is used to detail and prioritize the results of your testing?

Options:
A.

Methodology

B.

Conclusions

C.

Executive Summary

D.

Findings

Expert Solution
Questions # 28:

You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under the computer Misuse Act of 1990?

Options:
A.

Sending crafted packets to internal hosts in an attempt to fingerprint the operatingsystems

B.

Recovering the SAM database of the domain server and attempting to crackpasswords

C.

Installing a password sniffing program on an employee's personal computer withoutconsent

D.

Scanning open ports on internal user workstations and exploiting vulnerableapplications

Expert Solution
Questions # 29:

What is the MOST important document to obtain before beginning any penetration testing?

Options:
A.

Project plan

B.

Exceptions document

C.

Project contact list

D.

A written statement of permission

Expert Solution
Questions # 30:

Which of the following is the second half of the LAN manager Hash?

Options:
A.

0xAAD3B435B51404BB

B.

0xAAD3B435B51404CC

C.

0xAAD3B435B51404EE

D.

0xAAD3B435B51404AA

Expert Solution
Viewing page 3 out of 12 pages
Viewing questions 21-30 out of questions