GPEN Online Practice Questions and Answers

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

A. Use the http service's PUT command to push the file onto the target machine.

B. Use the scp service, protocol SSHv2 to pull the file onto the target machine.

C. Use the telnet service's ECHO option to pull the file onto the target machine

D. Use the ftp service in passive mode to push the file onto the target machine.

Why is OSSTMM beneficial to the pen tester?

A. It provides a legal and contractual framework for testing

B. It provides in-depth knowledge on tools

C. It provides report templates

D. It includes an automated testing engine similar to Metasploit

A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation which failed. Which of the following could resolve the problem?

A. Load priv module and try getsystem again

B. Run getuid command, then getpriv command, and try getsystem again

C. Run getuid command and try getsystem again

D. Use getprivs command instead of getsystem

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com Website. The we-are-secure.com Web server is using Linux operating system. When you port scanned the we-are-secure.com Web server, you got that TCP port 23, 25, and 53 are open. When you tried to telnet to port 23, you got a blank screen in response. When you tried to type the dir, copy, date, del, etc. commands you got only blank spaces or underscores symbols on the screen. What may be the reason of such unwanted situation?

A. The we-are-secure.com server is using honeypot.

B. The we-are-secure.com server is using a TCP wrapper.

C. The telnet service of we-are-secure.com has corrupted.

D. The telnet session is being affected by the stateful inspection firewall.

You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will

need to configure the client computer?

Each correct answer represents a part of the solution. Choose two.

A. WEP key

B. MAC address of the router

C. IP address of the router

D. SSID of the WLAN

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. You install access points for enabling a wireless network. The sales team members and the managers in the company will be using laptops to connect to the LAN through wireless connections. Therefore, you install WLAN network interface adapters on their laptops. However, you want to restrict the sales team members and managers from communicating directly to each other. Instead, they should communicate through the access points on the network. Which of the following topologies will you use to accomplish the task?

A. Star

B. Ad hoc

C. Infrastructure

D. Mesh

Adam is a novice Internet user. He is using Google search engine to search documents of his interest. Adam wants to search the text present in the link of a Website. Which of the following operators will he use in his query to accomplish the task?

A. inanchor

B. info

C. link

D. site

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

A. Implement WEP

B. Implement WPA

C. Don't broadcast SSID

D. Implement MAC filtering

You want that some of your Web pages should not be crawled. Which one of the following options will you use to accomplish the task?

A. Use HTML NO Crawl tag in the Web page not to be crawled

B. Place the name of restricted Web pages in the private.txt file

C. Place the name of restricted Web pages in the robotes.txt file

D. Enable the SSL

Fill in the blank with the appropriate act name.

The ____act gives consumers the right to ask emailers to stop spamming them.

A. CAN-SPAM