Latest Apr-2024 GIAC GPEN Dumps Updated 405 Questions [Q144-Q162]

Latest Apr-2024 GIAC GPEN Dumps Updated 405 Questions

PDF Download Free of GPEN Valid Practice Test Questions

NEW QUESTION # 144
CORRECT TEXT
Fill in the blank with the appropriate act name.
The ____act gives consumers the right to ask emailers to stop spamming them.

Answer:

Explanation:
CAN
-SPAM

NEW QUESTION # 145
Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that the explicit child pornography contents are stored in the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigations in more extensive and elaborate manner?

• A. MINIX 3
• B. Mac OS
• C. Linux
• D. Windows XP

Answer: B

NEW QUESTION # 146
Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

• A. It is used to slow the working of victim's network resources.
• B. TCP session hijacking is when a hacker takes over a TCP session between two machines.
• C. Use of a long random number or string as the session key reduces session hijacking.
• D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Answer: B,C,D

NEW QUESTION # 147
What problem occurs when executing the following command from within a netcat raw shell? sudo cat /etc/shadow

• A. Sudo does not work at all from a shell
• B. Sudo works fine if the user and command are both in the /etc/sudoers file
• C. You will not be able to type the password at the password prompt
• D. The display blanks after typing the sudo command

Answer: A

NEW QUESTION # 148
Which of the following standards is used in wireless local area networks (WLANs)?

• A. IEEE 802.4
• B. IEEE 802.3
• C. IEEE 802.11b
• D. IEEE 802.5

Answer: C

NEW QUESTION # 149
The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following is supported by the LEAP protocol?
Each correct answer represents a complete solution. Choose all that apply.

• A. Dynamic key encryption
• B. Public key certificate for server authentication
• C. Password hash for client authentication
• D. Strongest security level

Answer: A,C

NEW QUESTION # 150
Which of the following statements are true about NTLMv1?
Each correct answer represents a complete solution. Choose all that apply.

• A. It uses the MD5 hash of the user's password.
• B. It uses the LANMAN hash of the user's password.
• C. It is a challenge-response authentication protocol.
• D. It is mostly used when no Active Directory domain exists.

Answer: B,C,D

NEW QUESTION # 151
What is the most likely cause of the responses on lines 10 and 11 of the output below?

• A. The host running the tracer utility lost its network connection during the scan
• B. The device at hop 10 silently drops UDP packets with a high destination port.
• C. The devices at hops 10 and II did not return an "ICMP TTL Exceeded in Transit" message.
• D. The device at hop 10 is down and not forwarding any requests at all.

Answer: C

NEW QUESTION # 152
LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to the Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password seven characters or less, the second half of the LM hash is always
__________.

• A. 0xBBD3B435B51504FF
• B. 0xBBC3C435C51504EF
• C. 0xAAD3B435B51404FF
• D. 0xAAD3B435B51404EE

Answer: D

NEW QUESTION # 153
Which of the following is the correct sequence of packets to perform the 3-way handshake method?

• A. SYN, ACK, ACK
• B. SYN, SYN/ACK, ACK
• C. SYN, ACK, SYN/ACK
• D. SYN, SYN, ACK

Answer: B

NEW QUESTION # 154
Which of the following password cracking tools can work on the Unix and Linux environment?

• A. John the Ripper
• B. Ophcrack
• C. Brutus
• D. Cain and Abel

Answer: A

NEW QUESTION # 155
Why is OSSTMM beneficial to the pen tester?

• A. It provides report templates
• B. It provides in-depth knowledge on tools
• C. It provides a legal and contractual framework for testing
• D. It includes an automated testing engine similar to Metasploit

Answer: A

Explanation:
Reference:
http://www.pen-tests.com/open-source-security-testing-methodology-manual-osstmm.html

NEW QUESTION # 156
Which of the following tools are used for footprinting?
Each correct answer represents a complete solution. Choose all that apply.

• A. Brutus
• B. Whois
• C. Sam spade
• D. Traceroute

Answer: B,C,D

NEW QUESTION # 157
Joseph works as a Network Administrator for WebTech Inc. He has to set up a centralized area on the network so that each employee can share resources and documents with one another. Which of the following will he configure to accomplish the task?

• A. VPN
• B. Extranet
• C. Intranet
• D. WEP

Answer: C

Explanation:
Section: Volume B

NEW QUESTION # 158
Analyze the command output below, what action is being performed by the tester?

• A. Discovering valid user accounts
• B. Querying locked out user accounts
• C. Displaying a Windows SAM database
• D. Listing available workgroup services

Answer: A

NEW QUESTION # 159
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:

Which of the following tools is John using to crack the wireless encryption keys?

• A. AirSnort
• B. Cain
• C. PsPasswd
• D. Kismet

Answer: A

NEW QUESTION # 160
Analyze the command output below. What information can the tester infer directly from the Information shown?

• A. Directory indexing is allowed on the web server
• B. Usernames for the domain tesrdomain.com
• C. Naming convention for public documents
• D. Vulnerable versions of Adobe software in use

Answer: C

NEW QUESTION # 161
What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?

• A. Salts have little effect because they can be calculated on the fly with applicationssuch as Ophcrack.
• B. Salts double the total size of a rainbow table database.
• C. Salts increases the time to crack the original password by increasing the number oftables that must be calculated.
• D. Salts can be reversed or removed from encoding quickly to produce unsaltedhashes.

Answer: B

NEW QUESTION # 162
......

The GPEN certification exam is a highly challenging test that requires extensive knowledge, practical experience, and cutting-edge technology. GPEN exam consists of 150 multiple-choice questions, and candidates are given four hours to complete it. GIAC Certified Penetration Tester certification is valid for four years, after which candidates must complete a renewal process to maintain their status as a GIAC-certified GPEN. With the increasing demand for skilled penetration testers, the GPEN certification is a valuable asset in a highly competitive job market.

To earn the GPEN certification, individuals are required to pass a rigorous exam that tests their knowledge in various areas including network and system penetration testing, web application penetration testing, wireless network penetration testing, and social engineering. GPEN exam comprises multiple-choice questions with a score of 74% or higher required to pass. Along with the exam, individuals must also have at least two years of professional experience in the field of information security.

 

GPEN Test Engine files, GPEN Dumps PDF: https://vcecollection.trainingdumps.com/GPEN-valid-vce-dumps.html