[Free] 2017(Sep) CollectDumps Dumpsleader GIAC GPEN Dumps with VCE and PDF 71-80

CollectDumps 2017 Sep GIAC Official New Released GPEN
100% Free Download! 100% Pass Guaranteed!
http://www.CollectDumps.com/GPEN.html

GIAC Penetration Tester

Question No: 71 – (Topic 1)

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while others do not An example of this is shown in the picture below Which of the following best describes why tins is happening?

Collectdumps 2017 PDF and VCE

  1. Netcat cannot properly interpret certain control characters or Unicode sequences.

  2. The listener executed command.com instead of cmd.exe.

  3. Another application is already running on the port Netcat is listening on.

  4. TheNetcat listener is running with system level privileges.

Answer: D

Question No: 72 – (Topic 1)

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?

Collectdumps 2017 PDF and VCE

  1. Port 135 is filtered, port 139 is open.

  2. Pons 135 and 139 are filtered.

  3. Ports 139 and 135 are open.

  4. Port 139 is closed, port 135 is open

Answer: C

Question No: 73 – (Topic 1)

As pan or a penetration lest, your team is tasked with discovering vulnerabilities that could be exploited from an inside threat vector. Which of the following activities fall within that scope?

  1. SQL injection attacks against the hr intranet website.

  2. A competitor#39;s employee#39;s scanning the company#39;s website.

  3. Wireless quot;war drivingquot; the company manufacturing site.

  4. Running a Nessus scan from the sales department network.

  5. B, C, and D

  6. A, B. and D

  7. B and D

  8. A and D

Answer: C

Question No: 74 – (Topic 1)

Where are Netcat#39;s own network activity messages, such as when a connection occurs, sent?

  1. Standard Error

  2. Standard input

  3. Standard Logfile

  4. Standard Output

Answer: A

Reference:

http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

Question No: 75 – (Topic 1)

How does OWASP ZAP function when used for performing web application assessments?

  1. It is a non-transparent proxy that sits between your web browser and the targetapplication.

  2. It is a transparent policy proxy that sits between Java servers and |SP web pages.

  3. It is a non-transparent proxy that passively sniffs network traffic for HTTPvulnerabilities.

  4. It is a transparent proxy that sits between a target application and the backenddatabase.

Answer: D

Question No: 76 – (Topic 1)

Analyze the command output below. What action is being performed by the tester?

Collectdumps 2017 PDF and VCE

  1. Creating user accounts on 10.0.1.4 and testing privileges

  2. Collecting password hashes for users on 10.0.1.4

  3. Attempting to exploit windows File and Print Sharing service

  4. Gathering Security identifiers for accounts on 10.0.1.4

Answer: C

Question No: 77 – (Topic 1)

You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under the computer Misuse Act of 1990?

  1. Sending crafted packets to internal hosts in an attempt to fingerprint the operatingsystems

  2. Recovering the SAM database of the domain server and attempting to crackpasswords

  3. Installing a password sniffing program on an employee#39;s personal computer withoutconsent

  4. Scanning open ports on internal user workstations and exploiting vulnerableapplications

Answer: B

Question No: 78 – (Topic 1)

A tester has been contracted to perform a penetration test for a corporate client. The scope of the test is limited to end-user workstations and client programs only. Which of die following actions is allowed in this test?

  1. Attempting to redirect the internal gateway through ARP poisoning

  2. Activating bot clients and performing a denial-of-service against the gateway.

  3. Sniffing and attempting to crack the Domain Administrators password hash.

  4. Sending a malicious pdf to a user and exploiting a vulnerable Reader version.

Answer: B

Question No: 79 – (Topic 1)

Given the following Scapy information, how is default Layer 2 information derived?

Collectdumps 2017 PDF and VCE

  1. The default layer 2 information is contained in a local scapy.cfg configuration fileon the local system.

  2. If not explicitly defined, the Ether type field value Is created using the hex value ofthe destination port, in this case 80

  3. If not explicitly defined, pseudo-random values are generated for the Layer 2 defaultinformation.

  4. Scapy relies on the underlying operating system to construct Layer 2 information touse as default.

Answer: C

Question No: 80 – (Topic 1)

You are performing a vulnerability assessment using Nessus and your clients printers begin printing pages of random text and showing error messages. The client is not happy with the situation. What is the best way to proceed?

  1. Enable the quot;Skip all primersquot; option and re-scan

  2. Ensure Safe Checks is enabled in Nessus scan policies

  3. Remove primer IP addresses from your target list

  4. Verify primers are in scope and tell the client In progress scans cannot be stopped

Answer: B

100% Free Download!
Download Free Demo:GPEN Demo PDF
100% Pass Guaranteed!
Download 2017 CollectDumps GPEN Full Exam PDF and VCE

CollectDumps ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 CollectDumps IT Certification PDF and VCE