GPEN Exam Questions

You have compromised a Windows XP system and Injected the Meterpreter payload into the lsass process. While looking over the system you notice that there is a popular password mana...

When attempting to crack a password using Rainbow Tables, what is the output of the reduction function?

You are performing a vulnerability assessment using Nessus and your clients printers begin printing pages of random text and showing error messages. The client is not happy with th...

As pan or a penetration lest, your team is tasked with discovering vulnerabilities that could be exploited from an inside threat vector. Which of the following activities fall with...

Which of the following is the number of bits of encryption that 64-bit Wired Equivalent Privacy (WEP) effectively provides?

Which of the following is a method of gathering user names from a Linux system?

While scanning a remote system that is running a web server with a UDP scan and monitoring the scan with a sniffer, you notice that the target is responding with ICMP Port Unreacha...

Based on the partial appdefstrig rile listed below, which port scan signature is classified by AMap as harmful?

Why is OSSTMM beneficial to the pen tester?

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while oth...

If the privacy bit is set in the 802.11 header, what does it indicate?

You suspect that a firewall or IPS exists between you and the target machine. Which nmap option will elicit responses from some firewalls and IPSs while being silently dropped by t...

A client has asked for a vulnerability scan on an internal network that does not have internet access. The rules of engagement prohibits any outside connection for the Nessus scann...

You are pen testing a network and have shell access to a machine via Netcat. You try to use ssh to access another machine from the first machine. What is the expected result?

A pen tester is able to pull credential information from memory on a Windows system. Based on the command and output below, what advantage does this technique give a penetration te...

During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?

Where are Netcat's own network activity messages, such as when a connection occurs, sent?

You've been contracted by the owner of a secure facility to try and break into their office in the middle of the night. Your client requested photographs of any sensitive informati...

Which of the following is possible in some SQL injection vulnerabilities on certain types of databases that affects the underlying server OS?

You are pen testing a system and want to use Metasploit 3.X to open a listening port on the system so you can access it via a netcat shell. Which stager would you use to have the s...

Which of the following best describes a server side exploit?

You are conducting a penetration test for a private company located in Canada. The scope extends to all internal-facing hosts controlled by the company. You have gathered necessary...

What is the purpose of die following command: nc.exe -I -p 2222 -e cmd.exe

A tester has been contracted to perform a penetration test for a corporate client. The scope of the test is limited to end-user workstations and client programs only. Which of die...

Why is it important to have a cheat sheet reference of database system tables when performing SQL Injection?

Analyze the command output below. What action is being performed by the tester?

How does OWASP ZAP function when used for performing web application assessments?

You've been asked to test a non-transparent proxy lo make sure it is working. After confirming the browser is correctly pointed at the proxy, you try to browse a web site. The brow...

A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using t...

Analyze the screenshot below. What event is depicted?

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?

What is the main difference between LAN MAN and NTLMv1 challenge/responses?

You have been contracted to penetration test an e-mail server for a client that wants to know for sure if the sendmail service is vulnerable to any known attacks. You have permissi...

What will the following scapy commands do?

You want to find out what ports a system is listening on. What Is the correct command on a Linux system?

You have obtained the hash below from the /etc/shadow file. What are you able to discern simply by looking at this hash?

What difference would you expect to result from running the following commands; (I). S dig _s domain.com target.com -t AXFR and (2). S dig _s.domain.com target.com -t IXFR=10022003...

Analyze the screenshot below, which of the following sets of results will be retrieved using this search?

Which of the following United States laws protects stored electronic information?

Analyze the output of the two commands below: Which of the following can be factually inferred from the results of these commands?

Which protocol would need to be available on a target in order for Nmap to identify services like IMAPS and POP3S?

What is the sequence in which packets are sent when establishing a connection to a secured network?