GPEN Exam Questions

Which of the following are the scanning methods used in penetration testing? Each correct answer represents a complete solution. Choose all that apply.

An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you t...

John works as a professional Ethical Hacker. He has been assigned a project to test the security local disk and obtains all the files on the Web site. Which of the following techni...

Which of the following statements is true about the Digest Authentication scheme?

Which of the following tools is used to verify the network structure packets and confirm that the packets are constructed according to specification?

Which of the following is NOT an example of passive footprinting?

You work as a Network Administrator for Infosec Inc. Nowadays, you are facing an unauthorized access in your Wi-Fi network. Therefore, you analyze a log that has been recorded by y...

Which of the following options holds the strongest password?

Which of the following encryption modes are possible in WEP? Each correct answer represents a complete solution. Choose all that apply.

Which of the following tools can be used to perform brute force attack on a remote database? Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements are true about WPA? Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the limitations for the cross site request forgery (CSRF) attack? Each correct answer represents a complete solution. Choose all that apply.

You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will you take to accomplish the task? Each correct answer represents a complete...

Which of the following tools can be used to read NetStumbler's collected data files and present street maps showing the logged WAPs as icons, whose color and shape indicates WEP mo...

Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for th...

Which of the following statements are true about MS-CHAPv2? Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for Net World International. The company has a Windows Active Directory-based single domain single forest network. The functional level of the f...

Which of the following ports will you scan to search for SNMP enabled devices in the network?

Which of the following attacks is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them...

In which of the following scanning techniques does a scanner connect to an FTP server and request that server to start data transfer to the third system?

Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

When you conduct the XMAS scanning using Nmap, you find that most of the ports scanned do not give a response. What can be the state of these ports?

You work as a Desktop Technician in we-are-secure.com Inc. Due to some misunderstanding you are terminated from the company. You feel that you were wrongly terminated. Due to this,...

Which of the following can be the countermeasures to prevent NetBIOS NULL session enumeration in Windows 2000 operating systems? Each correct answer represents a complete solution....

Which TCP and UDP ports can be used to start a NULL session attack in NT and 2000 operating systems?

John works as a professional Ethical Hacker. He is assigned a project to test the security of you want to perform the next information-gathering step, i.e., passive OS fingerprinti...

Which of the following tools can be used for cracking the password of Server Message Block (SMB)? Each correct answer represents a complete solution. Choose all that apply.

The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. W...

Which of the following TCP flags shows that the system is forwarding the buffered data?

Which of the following functions can be used as a countermeasure to a Shell Injection attack? Each correct answer represents a complete solution. Choose all that apply.

You want to obtain the Information of a Web server, whose IP address range comes in the IP address range used in Brazil. Which of the following registries can be used to get inform...

Which of the following tools is used to make fake authentication certificates?

Which of the following functions can you use to mitigate a command injection attack? Each correct answer represents a complete solution. Choose all that apply.

Which of the following programming languages are NOT vulnerable to buffer overflow attacks? Each correct answer represents a complete solution. Choose two.

You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate Cross-Site Scripting attack on your company's Website. Which of the following method...

You want that some of your Web pages should not be crawled. Which one of the following options will you use to accomplish the task?

Which of the following attacks allows the bypassing of access control lists on servers or routers, and helps an attacker to hide? Each correct answer represents a complete solution...

What is the maximum limit of the file size that a user can upload according to the code snippet given below? <form enctype="multipart/form-data" action="index.php" method="post"> <...

Which of the following tools uses exploits to break into remote operating systems?

In which of the following scanning methods does an attacker send the spoofed IP address to send a SYN packet to the target?

You work as a Network Administrator for Tech Perfect Inc. The company requires a secure wireless network. To provide security, you are configuring ISA Server 2006 as a firewall. Wh...

John works as a contract Ethical Hacker. He has recently got a project to do security checking for in the information gathering step. Which of the following commands will he use to...

You enter the following URL on your Web browser: af../windows/system32/cmd.exe?/c+dir+c:\ What kind of attack are you performing?

Which of the following is a valid google searching operator that is used to search a specified file type?

Which of the following can be used to mitigate the evil twin phishing attack?

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters...

Which of the following protocols is the mandatory part of the WPA2 standard in the wireless networking?

You want to get the Windows administrator account even when it is renamed. Which of the following tools will you use?

Which of the following can be used to perform session hijacking? Each correct answer represents a complete solution. Choose all that apply.

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest i...