Breathing of GPEN torrent materials and latest exam for GIAC certification for examinee, Real Success Guaranteed with Updated GPEN pdf dumps vce Materials. 100% PASS GIAC Certified Penetration Tester exam Today!

Free GPEN Demo Online For GIAC Certifitcation:

NEW QUESTION 1

Which of the following are considered Bluetooth security violations?
Each correct answer represents a complete solution. Choose two.

  • A. SQL injection attack
  • B. Cross site scripting attack
  • C. Bluebug attack
  • D. Bluesnarfing
  • E. Social engineering

Answer: CD

NEW QUESTION 2

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection
systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

  • A. Use the http service's PUT command to push the file onto the target machin
  • B. Use the scp service, protocol SSHv2 to pull the file onto the target machin
  • C. Use the telnet service's ECHO option to pull the file onto the target machine
  • D. Use the ftp service in passive mode to push the file onto the target machin

Answer: D

NEW QUESTION 3

What concept do Rainbow Tables use to speed up password cracking?

  • A. Fast Lookup Crack Tables
  • B. Memory Swap Trades
  • C. Disk Recall Cracking
  • D. Time-Memory Trade-off

Answer: D

Explanation:
Reference:
http://en.wikipedia.org/wiki/Space%E2%80%93time_tradeoff

NEW QUESTION 4

In which of the following attacking methods does an attacker distribute incorrect IP address?

  • A. IP spoofing
  • B. Mac flooding
  • C. Man-in-the-middle
  • D. DNS poisoning

Answer: D

NEW QUESTION 5

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

  • A. Implement WEP
  • B. Implement WPA
  • C. Don't broadcast SSID
  • D. Implement MAC filtering

Answer: C

NEW QUESTION 6

One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PDA. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?

  • A. A virus
  • B. Spam
  • C. Blue jacking
  • D. Blue snarfing

Answer: C

NEW QUESTION 7

Which of the following Penetration Testing steps includes network mapping and OS fingerprinting?

  • A. Gather information
  • B. Exploit
  • C. Verify vulnerabilities
  • D. Planning stage

Answer: A

NEW QUESTION 8

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com network. Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability?
Each correct answer represents a complete solution. Choose two.

  • A. Close port TCP 53.
  • B. Change the default community string name
  • C. Upgrade SNMP Version 1 with the latest versio
  • D. Install antiviru

Answer: BC

NEW QUESTION 9
CORRECT TEXT
Fill in the blank with the appropriate tool name.
__________is a wireless network cracking tool that exploits the vulnerabilities in the RC4 Algorithm, which comprises the WEP security parameters.

  • A.

Answer: WEPcrack

NEW QUESTION 10

Why is OSSTMM beneficial to the pen tester?

  • A. It provides a legal and contractual framework for testing
  • B. It provides in-depth knowledge on tools
  • C. It provides report templates
  • D. It includes an automated testing engine similar to Metasploit

Answer: C

Explanation:
Reference:
http://www.pen-tests.com/open-source-security-testing-methodology-manual-osstmm.html

NEW QUESTION 11

In which of the following attacks is a malicious packet rejected by an IDS, but accepted by the host system?

  • A. Insertion
  • B. Evasion
  • C. Fragmentation overwrite
  • D. Fragmentation overlap

Answer: B

NEW QUESTION 12

Which of the following is a tool for SSH and SSL MITM attacks?

  • A. Ettercap
  • B. Cain
  • C. Dsniff
  • D. AirJack

Answer: C

NEW QUESTION 13

Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?

  • A. Void11
  • B. Airsnort
  • C. Kismet
  • D. Aeropeek

Answer: D

NEW QUESTION 14

Which of the following tools allow you to perform HTTP tunneling?
Each correct answer represents a complete solution. Choose all that apply.

  • A. BackStealth
  • B. Tunneled
  • C. Nikto
  • D. HTTPort

Answer: ABD

NEW QUESTION 15

Where are Netcat's own network activity messages, such as when a connection occurs, sent?

  • A. Standard Error
  • B. Standard input
  • C. Standard Logfile
  • D. Standard Output

Answer: A

Explanation:
Reference:
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

NEW QUESTION 16
......

Recommend!! Get the Full GPEN dumps in VCE and PDF From Dumps-hub.com, Welcome to Download: https://www.dumps-hub.com/GPEN-dumps.html (New 385 Q&As Version)