
Pass the GIAC Security Administration GPEN Questions and answers with ExamsMirror

Viewing page 8 out of 12 pages
Viewing questions 71-80 out of questions
Questions # 71:

Analyze the command output below. What information can the tester infer directly from the information shown?

Question # 71

Options:

A.

Usernames for the domain tesrdomain.com

B.

Directory indexing is allowed on the web server

C.

Vulnerable versions of Adobe software in use

D.

Naming convention for public documents

Questions # 72:

While performing an assessment on a banking site, you discover the following link:

https://mybank.com/xfer.asp?xfer_to=[account_number]&amount=[dollars]

Assuming authenticated banking users can be lured to your web site, which crafted HTML tag may be used to launch an XSRF attack?

Options:

A.

B.

<script>alert('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>

C.

<script>document.write('https://mybank.com/xfer.asp?xfer_to=[attacker_account]&amount=[dollars]')</script>

D.

Questions # 73:

Which Metasploit vncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?

Options:

A.

Vncinject/find_tag

B.

Vncinject/reverse_tcp

C.

Vncinject/reverse_http

D.

Vncinject/bind_tcp

Questions # 74:

Which of the following describes the direction of the challenges issued when establishing a wireless (IEEE 802.11) connection?

Options:

A.

One-way, the client challenges the access point

B.

One-way, the access point challenges the client

C.

No challenges occur for wireless connection

D.

Two-way, both the client and the access point challenge each other

Questions # 75:

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while others do not. An example of this is shown in the picture below. Which of the following best describes why this is happening?

Question # 75

Options:

A.

Netcat cannot properly interpret certain control characters or Unicode sequences.

B.

The listener executed command.com instead of cmd.exe.

C.

Another application is already running on the port Netcat is listening on.

D.

The Netcat listener is running with system level privileges.

Questions # 76:

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

Options:

A.

Nmap --script-output -script=SSH-hostkey.nse 155.65.3.221 -p 22

B.

Nmap --script-trace --script=ssh-hostkey.nse 155.65.3.221 -p 22

C.

Nmap -script-verbose --script=ssh-hostkey.nse 155.65.3.221 -p 22

D.

Nmap -v --script=ssh-hostkey.nse 155.65.3.221 -p 22

Questions # 77:

You are conducting a penetration test for a private company located in Canada. The scope extends to all internal-facing hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under Criminal Code of Canada Sections 184 and 542 CC 184?

Options:

A.

Analyzing internal firewall router software for vulnerabilities

B.

Exploiting application vulnerabilities on end-user workstations

C.

Attempting to crack passwords on a development server

D.

Capturing a VoIP call to a third party without prior notice

Questions # 78:

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which mode or modes are best used for sniffing wireless traffic?

Options:

A.

Master Ad-hoc

B.

RFMON

C.

RFMON, Ad-hoc

D.

Ad-hoc

Questions # 79:

A customer has asked for a scan for vulnerable SSH servers. What is the penetration tester attempting to accomplish using the following Nmap command?

Question # 79

Options:

A.

Checking operating system version

B.

Running an exploit against the target

C.

Checking configuration

D.

Checking protocol version

Questions # 80:

A junior penetration tester at your firm is using a non-transparent proxy for the first time to test a web server. He sees the web site in his browser but nothing shows up in the proxy. He tells you that he just installed the non-transparent proxy on his computer and didn't change any defaults. After verifying the proxy is running, you ask him to open up his browser configuration, as shown in the figure. Which of the following recommendations will correctly allow him to use the transparent proxy with his browser?

Question # 80

Options:

A.

He should change the PORT: value to match the port used by the non-transparent proxy.

B.

He should select the checkbox "use this proxy server for all protocols" for the proxy to function correctly.

C.

He should change the HTTP PROXY value to 127.0.0.1 since the non-transparent proxy is running on the same machine as the browser.

D.

He should select NO PROXY instead of MANUAL PROXY CONFIGURATION as this setting is only necessary to access the Internet behind protected networks.
