GPEN Exam Questions

Which of the following can be used as a countermeasure to the rainbow password attack?

Which of the following encryption encoding techniques is used in the basic authentication method?

Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

John works as a professional Ethical Hacker. He has been assigned the project of testing the attacks. As a countermeasure, he suggests that the Network Administrator should remove...

Which of the following tools is used for the 802.11 HTTP, HTTPS based MITM attacks?

What happens when you scan a broadcast IP address of a network? Each correct answer represents a complete solution. Choose all that apply.

Which of the following tools can be used to perform Windows password cracking, Windows enumeration, and VoIP session sniffing?

John works as a Professional Penetration Tester. He has been assigned a project to test the enters='or''=' as a username and successfully logs on to the user page of the Web site....

Which of the following attacks can be overcome by applying cryptography?

Which of the following tools uses exploits to break into remote operating systems?

Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable infor...

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional W...

Which of the following is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards and also detects wireless netw...

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?

Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security o...

You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security o...

Which of the following tools is used to verify the network structure packets and confirm that the packets are constructed according to specification?

You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete so...

You work as an Administrator for Bluesky Inc. The company has 145 Windows XP Professional client computers and eighty Windows 2003 Server computers. You want to install a security...

You run the following PHP script: <?php $name = mysql_real_escape_string($_POST["name"]); $password = mysql_real_escape_string($_POST["password"]);?> What is the use of the mysql_r...

You run the following bash script in Linux: for i in 'cat hostlist.txt' ;do nc -q 2 -v $i 80 < request.txt done where, hostlist.txt file contains the list of IP addresses and reque...

You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet session. You have also searched an active session due to the high level...

Which of the following statements are true about firewalking? Each correct answer represents a complete solution. Choose all that apply.

Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

John works as a professional Ethical Hacker. He has been assigned the project of testing the description of the tool is as follows: Which of the following tools is John using to cr...

What happens when you scan a broadcast IP address of a network? Each correct answer represents a complete solution. Choose all that apply.

You have forgotten your password of an online shop. The web application of that online shop asks you to enter your email so that they can send you a new password. You enter your em...

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can h...

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows...

John works as a professional Ethical Hacker. He has been assigned the project of testing the phases while testing the security of the server: Footprinting Scanning Now he wants to...

You want to search the Apache Web server having version 2.0 using google hacking. Which of the following search queries will you use?

The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol....

Which of the following tools can be used as a Linux vulnerability scanner that is capable of identifying operating systems and network services? Each correct answer represents a co...

In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie?

Which of the following Nmap commands is used to perform a UDP port scan?

John works as an Ethical Hacker for uCertify Inc. He wants to find out the ports that are open in uCertify's server using a port scanner. However, he does not want to establish a f...

Which of following tasks can be performed when Nikto Web scanner is using a mutation technique? Each correct answer represents a complete solution. Choose all that apply.

You are sending a file to an FTP server. The file will be broken into several pieces of information packets (segments) and will be sent to the server. The file will again be reasse...

Which of the following is the frequency range to tune IEEE 802.11a network?

Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools?

Adam works as a professional Computer Hacking Forensic Investigator. He wants to investigate a suspicious email that is sent using a Microsoft Exchange server. Which of the followi...

You work as a Web developer in the IBM Inc. Your area of proficiency is PHP. Since you have proper knowledge of security, you have bewared from rainbow attack. For mitigating this...

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

John works as a professional Ethical Hacker. He has been assigned the project of testing the wireless sniffer to sniff the We-are-secure network. Which of the following tools will...

You work as a Network Penetration tester in the Secure Inc. Your company takes the projects to test the security of various companies. Recently, Secure Inc. has assigned you a proj...

John works as a professional Ethical Hacker. He has been assigned a project to test the security server. The output of the scanning test is as follows: C:\whisker.pl -h target_IP_a...

Ryan wants to create an ad hoc wireless network so that he can share some important files with another employee of his company. Which of the following wireless security protocols s...