[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GPEN Dumps with VCE and PDF 61-70


GIAC Penetration Tester

Question No: 61 – (Topic 1)

In the screenshot below, which selections would you need to click in order to intercept and alter all HTTP traffic passing through OWASP ZAP?


  A. Trap response and continue

  B. Set Break and Continue

  C. Trap request and continue

  D. Continue and drop

Answer: B

Question No: 62 – (Topic 1)

A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista. She issues the following commands:


A check of the remote host indicates that Windows Firewall is still running. Why did the command fail?

  A. The kernel prevented the command from being executed.

  B. The user does not have the access level needed to stop the firewall.

  C. The sc command needs to be passed the IP address of the target.

  D. The remote server timed out and did not complete the command.

Answer: C

Question No: 63 – (Topic 1)

A client with 7200 employees in 14 cities (all connected via high-speed WAN connections) has suffered a major external security breach via a desktop, which cost them more than $172,000 and the loss of a high-profile client. They ask you to perform a desktop vulnerability assessment to identify everything that needs to be patched. Using Nessus, you find tens of thousands of vulnerabilities that need to be patched. In the report you find workstations running several Windows OS versions and service pack levels, anti-virus software from multiple vendors, several major browser versions and different versions of Acrobat Reader. Which of the following recommendations should you provide with the report?

  A. The client should standardize their desktop software

  B. The client should eliminate workstations to reduce workload

  C. The client should hire more people to catch up on patches

  D. The client should perform monthly vulnerability assessments

Answer: C

Question No: 64 – (Topic 1)

Analyze the command output below. What action is being performed by the tester?


  A. Displaying a Windows SAM database

  B. Listing available workgroup services

  C. Discovering valid user accounts

  D. Querying locked out user accounts

Answer: C

Question No: 65 – (Topic 1)

By default, Active Directory Controllers store password representations in which file?

  A. %systemroot%\system32\ntds.dit

  B. %SystemRoot%\ntds\ntds.dit

  C. %SystemRoot%\ntds\sam.dat

  D. %SystemRoot%\ntds\sam.dit

Answer: A

Reference: http://www.scribd.com/doc/212238158/Windows-Administrator-L2-Interview-Question-System-Administrator#scribd

Question No: 66 – (Topic 1)

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which mode or modes are best used for sniffing wireless traffic?

  A. Master, Ad-hoc

  B. RFMON

  C. RFMON, Ad-hoc

  D. Ad-hoc

Answer: A

Reference: http://www.willhackforsushi.com/books/377_eth_2e_06.pdf

Question No: 67 – (Topic 1)

What is the MOST important document to obtain before beginning any penetration testing?

  A. Project plan

  B. Exceptions document

  C. Project contact list

  D. A written statement of permission

Answer: A

Reference:

Before starting a penetration test, all targets must be identified. These targets should be obtained from the customer during the initial questionnaire phase. Targets can be given by the customer in the form of specific IP addresses, network ranges, or domain names. In some instances, the customer provides only the name of the organization and expects the testers to be able to identify the rest on their own. It is important to define whether systems such as firewalls, IDS/IPS, or networking equipment that sit between the tester and the final target are also part of the scope. Additional elements such as upstream providers and other third-party providers should be identified, and whether they are in scope should be defined.

Question No: 68 – (Topic 1)

What section of the penetration test or ethical hacking engagement final report is used to detail and prioritize the results of your testing?

  A. Methodology

  B. Conclusions

  C. Executive Summary

  D. Findings

Answer: C

Question No: 69 – (Topic 1)

While performing an assessment on a banking site, you discover the following link:

https://mybank.com/xfer.asp?xfer_to=[account_number]&amount=[dollars]

Assuming authenticated banking users can be lured to your web site, which crafted HTML tag may be used to launch an XSRF attack?

  A. <img src="javascript:alert('document.cookie');">

  B. <script>alert('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>

  C. <script>document.write('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars])</script>

  D. <img src="https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]">

Answer: C

Question No: 70 – (Topic 1)

What concept do Rainbow Tables use to speed up password cracking?

  A. Fast Lookup Crack Tables

  B. Memory Swap Trades

  C. Disk Recall Cracking

  D. Time-Memory Trade-off

Answer: D

Reference: http://en.wikipedia.org/wiki/Space–time_tradeoff
