[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GPEN Dumps with VCE and PDF 211-220

CollectDumps 2017 Sep GIAC Official New Released GPEN
100% Free Download! 100% Pass Guaranteed!

GIAC Penetration Tester

Question No: 211 – (Topic 3)

Which of the following characters will you use to check whether an application is vulnerable to an SQL injection attack?

  1. Single quote (#39;)

  2. Semi colon (;)

  3. Double quote (quot;)

  4. Dash (-)

Answer: A

Question No: 212 – (Topic 3)

Which of the following statements are true about the Enum tool?

Each correct answer represents a complete solution. Choose all that apply.

  1. It is capable of performing brute force and dictionary attacks on individual accounts of Windows NT/2000.

  2. One of the countermeasures against the Enum tool is to disable TCP port 139/445.

  3. It is a console-based Win32 information enumeration utility.

  4. It uses NULL and User sessions to retrieve user lists, machine lists, LSA policy information, etc.

Answer: A,B,C,D

Question No: 213 – (Topic 3)

Which of the following are considered Bluetooth security violations? Each correct answer represents a complete solution. Choose two.

  1. Bluebug attack

  2. SQL injection attack

  3. Cross site scripting attack

  4. Social engineering

  5. Bluesnarfing

Answer: A,E

Question No: 214 – (Topic 3)

Which of the following are the drawbacks of the NTLM Web authentication scheme? Each correct answer represents a complete solution. Choose all that apply.

  1. It can be brute forced easily.

  2. It works only with Microsoft Internet Explorer.

  3. The password is sent in clear text format to the Web server.

  4. The password is sent in hashed format to the Web server.

Answer: A,B

Question No: 215 – (Topic 3)

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

  1. nmap -O -p

  2. nmap -sS

  3. nmap -sU -p

  4. nmap -sT

Answer: A

Question No: 216 – (Topic 3)

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

  1. Implement WEP

  2. Implement WPA

  3. Don#39;t broadcast SSID

  4. Implement MAC filtering

Answer: C

Question No: 217 – (Topic 3)

Which of the following is generally practiced by the police or any other recognized governmental authority?

  1. Spoofing

  2. Wiretapping

  3. Phishing

  4. SMB signing

Answer: B

Question No: 218 – (Topic 3)

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

Collectdumps 2017 PDF and VCE

What is the IP address of the sender of this email?





Answer: D

Question No: 219 – (Topic 3)

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to perform a stealth scan to discover open ports and applications running on the We-are-secure server. For this purpose, he wants to initiate scanning with the IP address of any third party. Which of the following scanning techniques will John use to accomplish his task?

  1. UDP


  3. IDLE

  4. RPC

Answer: C

Question No: 220 – (Topic 3)

Which of the following tools are used for footprinting?

Each correct answer represents a complete solution. Choose all that apply.

  1. Brutus

  2. Sam spade

  3. Whois

  4. Traceroute

Answer: B,C,D

100% Free Download!
Download Free Demo:GPEN Demo PDF
100% Pass Guaranteed!
Download 2017 CollectDumps GPEN Full Exam PDF and VCE

CollectDumps ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 CollectDumps IT Certification PDF and VCE