[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GPEN Dumps with VCE and PDF 31-40

CollectDumps 2017 Sep GIAC Official New Released GPEN
http://www.CollectDumps.com/GPEN.html

GIAC Penetration Tester

Question No: 31 – (Topic 1)

You have been contracted to map the network and try to compromise the servers for a client. Which of the following would be an example of 'scope creep' with respect to this penetration testing project?

  A. Disclosing information forbidden in the NDA

  B. Compromising a server then escalating privileges

  C. Being asked to compromise workstations

  D. Scanning network systems slowly so you are not detected

Answer: B

Question No: 32 – (Topic 1)

Which of the following modes describes a wireless interface that is configured to passively grab wireless frames from one wireless channel and pass them to the operating system?

  A. Monitor Mode

  B. Promiscuous Mode

  C. Managed Mode

  D. Master Mode

Answer: C

Reference:

http://www.willhackforsushi.com/books/377_eth_2e_06.pdf

Question No: 33 – (Topic 1)

Your company has decided that the risk of performing a penetration test is too great. You would like to figure out other ways to find vulnerabilities on their systems. Which of the following is MOST likely to be a valid alternative?

  A. Network scope Analysis

  B. Baseline Data Reviews

  C. Patch Policy Review

  D. Configuration Reviews

Answer: A

Question No: 34 – (Topic 1)

A customer has asked for a scan of vulnerable SSH servers. What is the penetration tester attempting to accomplish using the following Nmap command?

  A. Checking operating system version

  B. Running an exploit against the target

  C. Checking configuration

  D. Checking protocol version

Answer: D

Question No: 35 – (Topic 1)

All of the following are advantages of using the Metasploit priv module for dumping hashes from a local Windows machine EXCEPT:

  A. Doesn't require SMB or NetBIOS access to the target machine

  B. Can run inside of a process owned by any user

  C. Provides less evidence for forensics investigators to recover

  D. LSASS related reboot problems aren't an issue

Answer: B

Reference:

http://www.vita.virginia.gov/uploadedFiles/VITA_Main_Public/Security/Meetings/ISOAG/2012/2012_Jan_ISOAG.pdf

Question No: 36 – (Topic 1)

During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port, we attempt to validate that assumption with an SSH client, but our effort is unsuccessful. It turns out that it is actually an Apache webserver listening on the port. Which type of scan would have helped us to determine what service was listening on port 22?

  A. Version scanning

  B. Port scanning

  C. Network sweeping

  D. OS fingerprinting

Answer: C

Question No: 37 – (Topic 1)

A junior penetration tester at your firm is using a non-transparent proxy for the first time to test a web server. He sees the web site in his browser but nothing shows up in the proxy. He tells you that he just installed the non-transparent proxy on his computer and didn't change any defaults. After verifying the proxy is running, you ask him to open up his browser configuration, as shown in the figure. Which of the following recommendations will correctly allow him to use the transparent proxy with his browser?

  A. He should change the PORT: value to match the port used by the non-transparent proxy.

  B. He should select the checkbox "use this proxy server for all protocols" for the proxy to function correctly.

  C. He should change the HTTP PROXY value to 127.0.0.1 since the non-transparent proxy is running on the same machine as the browser.

  D. He should select NO PROXY instead of MANUAL PROXY CONFIGURATION as this setting is only necessary to access the Internet behind protected networks.

Answer: C

Question No: 38 – (Topic 1)

You have been contracted to perform a black box pen test against the Internet facing servers for a company. They want to know, with a high level of confidence, if their servers are vulnerable to external attacks. Your contract states that you can use all tools available to you to pen test the systems. What course of action would you use to generate a report with the lowest false positive rate?

  A. Use a port scanner to find open service ports and generate a report listing all vulnerabilities associated with those listening services.

  B. Use a vulnerability or port scanner to find listening services and then try to exploit those services.

  C. Use a vulnerability scanner to generate a report of vulnerable services.

  D. Log into the system and record the patch levels of each service then generate a report that lists known vulnerabilities for all the running services.

Answer: B

Question No: 39 – (Topic 1)

Analyze the command output below. Given this information, which is the appropriate next step for the tester?

Starting Nmap 4.53 ( http://insecure.org ) at 2010-09-30 19:13 EDT
Interesting ports on 192.163.116.101:
PORT    STATE    SERVICE
130/tcp filtered cisco-fna
131/tcp filtered cisco-tna
132/tcp filtered cisco-sys
133/tcp filtered statsrv
134/tcp filtered ingres-net
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp open     netbios-ssn
140/tcp filtered emfis-data
MAC Address: 00:30:1&:B8:14:8B (Shuttle)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2
Network Distance: 1 hop
Nmap done: 1 IP address (1 host up) scanned in 1.263 seconds

  A. Determine the MAC address of the scanned host.

  B. Send a single SYN packet to port 139/tcp on the host.

  C. Send spoofed packets to attempt to evade any firewall.

  D. Request a list of shares from the scanned host.

Answer: B

Question No: 40 – (Topic 1)

What problem occurs when executing the following command from within a netcat raw shell?

sudo cat /etc/shadow

  A. Sudo does not work at all from a shell

  B. Sudo works fine if the user and command are both in the /etc/sudoers file

  C. The display blanks after typing the sudo command

  D. You will not be able to type the password at the password prompt

Answer: A
