GPEN Exam Questions

Analyze the command output below. Given this information, which is the appropriate next step for the tester? Starting Nmap4.53 (hnp://insecure.org I at2010-09-30 19:13 EDT interest...

The resulting business impact, of the penetration test or ethical hacking engagement is explained in what section of the final report?

You have been contracted to map me network and try to compromise the servers for a client. Which of the following would be an example of scope creep' with respect to this penetrati...

You are running a vulnerability scan on a remote network and the traffic Is not making It to the target system. You investigate the connection issue and determine that the traffic...

Identify the network activity shown below;

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent ba...

How can web server logs be leveraged to perform Cross-Site Scripting (XSSI?

What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?

You are done pen testing a Windows system and need to clean up some of the changes you have made. You created an account `pentester' on the system, what command would you use to de...

Your company has decided that the risk of performing a penetration test Is too great. You would like to figure out other ways to find vulnerabilities on their systems, which of the...

Analyze the command output below, what action is being performed by the tester?

Raw netcat shells and telnet terminals share which characteristic?

How can a non-privileged user on a Unix system determine if shadow passwords are being used?

When DNS is being used for load balancing, why would a penetration tester choose to identify a scan target by its IP address rather than its host name?

What problem occurs when executing the following command from within a netcat raw shell? sudo cat /etc/shadow

You are pen testing a Windows system remotely via a raw netcat shell. You want to get a listing of all the local users in the administrators group, what command would you use?

Analyze the screenshot below. What type of vulnerability is being attacked?

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the smss process. You want to dump the SAM database of the remote system...

Which of the following is the feature that separates the use of Rainbow Tables from other applications such as Cain or John the Ripper?

You suspect that system administrators In one part of the target organization are turning off their systems during the times when penetration tests are scheduled, what feature coul...

You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company, you have gathered necessary...

Which of the following is a WEP weakness that makes it easy to Inject arbitrary clear text packets onto a WEP network?

During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port we attempt to validate tha...

Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

What is the purpose of the following command? C:\>wmic /node:[target IP] /user:[admin-user] /password:[password] process call create [command]

Approximately how many packets are usually required to conduct a successful FMS attack onWEP?

What is the most likely cause of the responses on lines 10 and 11 of the output below?

A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista She issues the following commands: A check of the remote host indicates that...

By default Active Directory Controllers store password representations in which file?

192.168.116.9 Is an IP address forvvww.scanned-server.com. Why are the results from the two scans, shown below, different?

You have been contracted to perform a black box pen test against the Internet facing servers for a company. They want to know, with a high level of confidence, if their servers are...

You successfully compromise a target system's web application using blind command injection. The command you injected is ping-n 1 192.168.1.200. Assuming your machine is 192.168.1...

When a DNS server transfers its zone file to a remote system, what port does it typically use?

Which of the following modes describes a wireless interface that is configured to passively grab wireless frames from one wireless channel and pass them to the operating system?

In the screen shot below, which selections would you need click in order to intercept and alter all http traffic passing through OWASP ZAP?

Which of the following file transfer programs will automatically convert end-of line characters between different platforms when placed in ASCII Mode?

Analyze the command output below. What information can the tester infer directly from the Information shown?

All of the following are advantages of using the Metasploitpriv module for dumping hashes from a local Windows machine EXCEPT:

What command will correctly reformat the Unix passwordcopy and shadowcopy Tiles for input to John The Ripper?

Which of the following best explains why you would warn to clear browser slate (history. cache, and cookies) between examinations of web servers when you've been trapping and alter...

You are performing a wireless penetration lest and are currently looking for rogue access points in one of their large facilities. You need to select an antenna that you can setup...

Analyze the command output below. What information can the tester infer directly from the information shown?

What concept do Rainbow Tables use to speed up password cracking?

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which of the mode or modes are best used for sniffing wireless traffic?

Given the following Scapy information, how is default Layer 2 information derived?

A customer has asked for a scan or vulnerable SSH servers. What is the penetration tester attempting to accomplish using the following Nmap command?

While performing an assessment on a banking site, you discover the following link: hnps://mybank.com/xfer.aspMer_toMaccount_number]&amount-[dollars] Assuming authenticated banking...

You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company. You have gathered nec...

While performing a code audit, you discover a SQL injection vulnerability assuming the following vulnerable query, what user input could be injected to make the query true and retu...