[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GPEN Dumps with VCE and PDF 51-60

CollectDumps 2017 Sep GIAC Official New Released GPEN
100% Free Download! 100% Pass Guaranteed!
http://www.CollectDumps.com/GPEN.html

GIAC Penetration Tester

Question No: 51 – (Topic 1)

You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company, you have gathered necessary hold-harmless and nondisclosure agreements. Which action by your group can incur criminal liability under Chapter 50a, Computer Misuse Act?

  1. Exploiting vulnerable web services on internal hosts

  2. Attempts at social engineering employees via telephone calls

  3. Testing denial-of-service tolerance of the communications provider

  4. Cracking password hashes on the corporate domain server

Answer: D

Question No: 52 – (Topic 1)

A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation which failed. Which of the following could resolve the problem?

  1. Load priv module and try getsystem again

  2. Run getuid command, then getpriv command, and try getsystem again

  3. Run getuid command and try getsystem again

  4. Use getprivs command instead of getsystem

Answer: B

Question No: 53 – (Topic 1)

What is the purpose of the following command?

C:\gt;wmic /node:[target IP] /user:[admin-user]

/password:[password] process call create [command]

  1. Running a command on a remote Windows machine

  2. Creating a service on a remote Windows machine

  3. Creating an admin account on a remote Windows machine

  4. Listing the running processes on a remote windows machine

Answer: D

Question No: 54 – (Topic 1)

You have compromised a Windows XP system and Injected the Meterpreter payload into the lsass process. While looking over the system you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

  1. Use the getuid command to determine the user context the process is runningunder, then use the imp command to impersonate that user.

  2. use the getpid command to determine the user context the process is runningunder, then use the Imp command to impersonate that user.

  3. Use the execute command to the passmgr executable. That will give you access to the file.

  4. Use the migrate command to jump to the passmgr process. That will give you accessto the file.

Answer: C

Question No: 55 – (Topic 1)

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

  1. The source computer sends SYN and the destination computer responds with RST

  2. The source computer sends SYN-ACK and no response Is received from the destination computer

  3. The source computer sends SYN and no response is received from the destination computer

  4. The source computer sends SYN-ACK and the destination computer responds with RST-ACK

  5. A,B and C

  6. A and C

  7. C and D

  8. C and D

Answer: C

Question No: 56 – (Topic 1)

You are conducting a penetration test for a private company located in Canada. The scope extends to all internal-facing hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under Criminal Code of Canada Sections 184 and 542 CC 184?

  1. Analyzing internal firewall router software for vulnerabilities

  2. Exploiting application vulnerabilities on end-user workstations

  3. Attempting to crack passwords on a development server

  4. Capturing a VoIP call to a third party without prior notice

Answer: D

Question No: 57 – (Topic 1)

The resulting business impact, of the penetration test or ethical hacking engagement is explained in what section of the final report?

  1. Problems

  2. Findings

  3. Impact Assessment

  4. Executive Summary

Answer: D

Reference:

http://www.frost.com/upld/get-data.do?id=1568233

Question No: 58 – (Topic 1)

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

  1. Nmap -script-output -script-SSH-hostkey.nse 155.65.3.221 -p 22

  2. Nmap -script-trace -script-ssh-hostkey.nse 155.65.3.221 -p 22

  3. Nmap -script-verbose -scrlpr-ssh-hostkey.nse 155.65.3.221 -p 22

  4. Nmap -v -script=ssh-hostkey.nse 155.65.3.221 -p 22

Answer: C

Question No: 59 – (Topic 1)

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

  1. Use the http service#39;s PUT command to push the file onto the target machine.

  2. Use the scp service, protocol SSHv2 to pull the file onto the target machine.

  3. Use the telnet service#39;s ECHO option to pull the file onto the target machine

  4. Use the ftp service in passive mode to push the file onto the target machine.

Answer: D

Question No: 60 – (Topic 1)

Which of the following best describes a client side exploit?

  1. Attack of a client application that retrieves content from the network

  2. Attack that escalates user privileged to root or administrator

  3. Attack of a service listening on a client system

  4. Attack on the physical machine

Answer: C

100% Free Download!
Download Free Demo:GPEN Demo PDF
100% Pass Guaranteed!
Download 2017 CollectDumps GPEN Full Exam PDF and VCE

CollectDumps ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 CollectDumps IT Certification PDF and VCE