• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • GPEN Dumps PDF
  • 385 Questions
  • Updated On April 15, 2024

PDF + Test Engine

$60.00 Free Updates Upto 90 Days

  • GPEN Question Answers
  • 385 Questions
  • Updated On April 15, 2024

Test Engine

$50.00 Free Updates Upto 90 Days

  • GPEN Practice Questions
  • 385 Questions
  • Updated On April 15, 2024
Check Our Free GIAC GPEN Online Test Engine Demo.

How to pass GIAC GPEN exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest GIAC GPEN Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know GIAC GPEN Dumps are Worth it?

Did we mention our latest GPEN Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just GIAC Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our GIAC Penetration Tester Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using GIAC Penetration Tester Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get GPEN Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the GPEN exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

GIAC GPEN Sample Question Answers

Question # 1

Which of the following methods will free up bandwidth in a Wireless LAN (WLAN)?

A. Implement WEP.
B. Disabling SSID broadcast.
C. Change hub with switch.
D. Deploying a powerful antenna.

Question # 2

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

A. Implement WEP
B. Implement MAC filtering
C. Don't broadcast SSID
D. Implement WPA

Question # 3

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IPbased network. Rick, your assistant, is configuring some laptops for wireless access. For security, WEP needs to be configured for wireless communication. By mistake, Rick configures different WEP keys in a laptop than that is configured on the Wireless Access Point (WAP). Which of the following statements is true in such situation? 

A. The laptop will be able to access the wireless network but the security will becompromised
B. The WAP will allow the connection with the guest account's privileges.
C. The laptop will be able to access the wireless network but other wireless devices will beunable to communicate with it.
D. The laptop will not be able to access the wireless network.

Question # 4

John works as a professional Ethical Hacker. He has been assigned the project of testingthe security of www.we-are-secure.com. He has successfully completed the following preattack phases while testing the security of the server:Footprinting Scanning Now he wants to conduct the enumeration phase. Which of thefollowing tools can John use to conduct it?Each correct answer represents a complete solution. Choose all that apply.

A. PsFile
B. PsPasswd
C. UserInfo
D. WinSSLMiM

Question # 5

You want to run the nmap command that includes the host specification of 202.176.56-57.*.How many hosts will you scan?

A. 512
B. 64
C. 1024
D. 256

Question # 6

Fill in the blank with the appropriate act name.The___ act gives consumers the right to ask emailers to stop spamming them.  

Question # 7

John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks the we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page from the SQL injection attack? 

A. Use the escapeshellarg() function
B. Use the session_regenerate_id() function
C. Use the mysql_real_escape_string() function for escaping input
D. Use the escapeshellcmd() function

Question # 8

You execute the following netcat command:c:\target\nc -1 -p 53 -d -e cmd.exeWhat action do you want to perform by issuing the above command?

A. Capture data on port 53 and performing banner grabbing.
B. Capture data on port 53 and delete the remote shell.
C. Listen the incoming traffic on port 53 and execute the remote shell.
D. Listen the incoming data and performing port scanning.

Question # 9

Fill in the blank with the appropriate tool name.__________is a wireless network cracking tool that exploits the vulnerabilities in the RC4Algorithm, which comprises the WEP security parameters.

Question # 10

The scope of your engagement is to include a target organization located in California witha /24 block of addresses that they claim to completely own. Which site could you utilize toconfirm that you have been given accurate information before starting reconnaissanceactivities?

A. www.whois.net
B. www.arin.nei
C. www.apnic.net
D. www.ripe.net

Question # 11

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task? 

A. NetStumbler
B. Snadboy's Revelation
C. WEPCrack
D. Kismet

Question # 12

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He enters the following command on the Linux terminal:chmod 741 secure.c Considering the above scenario, which of the following statements are true? Each correct answer represents a complete solution. Choose all that apply.

A. John is restricting a guest to only write or execute the secure.c file.
B. John is providing all rights to the owner of the file.
C. By the octal representation of the file access permission, John is restricting the groupmembers to only read the secure.c file.
D. The textual representation of the file access permission of 741 will be -rwxr--rw-.

Question # 13

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He enters the following command on the Linux terminal:chmod 741 secure.c Considering the above scenario, which of the following statements are true? Each correct answer represents a complete solution. Choose all that apply.

A. John is restricting a guest to only write or execute the secure.c file.
B. John is providing all rights to the owner of the file.
C. By the octal representation of the file access permission, John is restricting the groupmembers to only read the secure.c file.
D. The textual representation of the file access permission of 741 will be -rwxr--rw-.

Question # 14

Which of the following security policies will you implement to keep safe your data when youconnect your Laptop to the office network over IEEE 802.11 WLANs?Each correct answer represents a complete solution. Choose two.

A. Using personal firewall software on your Laptop.
B. Using a protocol analyzer on your Laptop to monitor for risks.
C. Using portscanner like nmap in your network.
D. Using an IPSec enabled VPN for remote connectivity. 

Question # 15

Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools? 

A. IDS
B. Firewall
C. Snort
D. WIPS

Question # 16

You have forgotten your password of an online shop. The web application of that onlineshop asks you to enter your email so that they can send you a new password. You enteryour email you@gmail.com' and press the submit button. The Web application displays theserver error.What can be the reason of the error?

A. The remote server is down.
B. You have entered any special character in email.
C. Your internet connection is slow.
D. Email entered is not valid.

Question # 17

In which of the following attacks does an attacker use packet sniffing to read network traffic between two parties to steal the session cookie? 

A. Cross-site scripting
B. Session fixation
C. Session sidejacking
D. ARP spoofing

Question # 18

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless whether the ports are open or close. Sometimes, IPID is being incremented by more than one value. What may be the reason? 

A. The zombie computer is the system interacting with some other system besides yourcomp uter.
B. The firewall is blocking the scanning process.
C. The zombie computer is not connected to the we-are-secure.com Web server.
D. Hping does not perform idle scanning.

Question # 19

You send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024 using hping2 utility. This attack is known as __________. 

A. Port scanning
B. Spoofing
C. Cloaking
D. Firewalking

Question # 20

What is the sequence in which packets are sent when establishing a connection to a secured network? 

A. Auth, Associate and Probe  
B. Probe, Auth and Associate
C. Associate, Probe and Auth
D. Probe. Associate and Auth

Question # 21

Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

A. Man-in-the-middle
B. ARP spoofing
C. Port scanning
D. Session hijacking

Question # 22

Which of the following can be used as a countermeasure against the SQL injection attack?Each correct answer represents a complete solution. Choose two

A. mysql_real_escape_string()
B. Prepared statement
C. mysql_escape_string()
D. session_regenerate_id()

Question # 23

You want to search the Apache Web server having version 2.0 using google hacking. Which of the following search queries will you use?

A. intitle:"Test Page for Apache Installation" "You are free"  
B. intitle:"Test Page for Apache Installation" "It worked!"
C. intitle:test.page "Hey, it worked !" "SSl/TLS aware"
D. intitle:Sample.page.for.Apache Apache.Hook.Function

Question # 24

Which of the following tools is spyware that makes Windows clients send their passwords as clear text?

A. Pwddump2
B. SMBRelay
C. KrbCrack
D. C2MYAZZ

Question # 25

What difference would you expect to result from running the following commands;(I). S dig ©ns domain.com target.com -t AXFRand(2). S dig ©ns.domain.com target.com -t IXFR=1002200301

A. Command (I) will display incremental information about a domain and command (2)Will provide only 1002200301 bytes of information
B. Command (1) will display all information about a domain and command (2) willprovideonly incremental updates from SOA 1002200301
C. Command (I) will display all information about a domain and command (2) willprovideonly incremental updates up to SOA 1002200301
D. Command (I) will display all information about a domain and command (2) willprovideonly 1002200301 bytes of information 

Question # 26

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects ofsecurity auditing. Recently, your company has assigned you a project to test the security ofthe we-aresecure. com Web site. For this, you want to perform the idle scan so that youcan get the ports open in the we-are-secure.com server. You are using Hping tool toperform the idle scan by using a zombie computer. While scanning, you notice that everyIPID is being incremented on every query, regardless whether the ports are open or close.Sometimes, IPID is being incremented by more than one value. What may be the reason?

A. The zombie computer is not connected to the we-are-secure.com Web server.
B. The zombie computer is the system interacting with some other system besides yourcomp uter.
C. Hping does not perform idle scanning.
D. The firewall is blocking the scanning process.

Question # 27

This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows:It displays the signal strength of a wireless network, MAC address, SSID, channel details,etc.It is commonly used for the following purposes: a. War drivingb. Detecting unauthorized access pointsc. Detecting causes of interference on a WLANd. WEP ICV error trackinge. Making Graphs and Alarms on 802.11 Data, including Signal StrengthThis tool is known as __________.

A. Absinthe
B. THC-Scan
C. NetStumbler
D. Kismet

Question # 28

Which of the following penetration testing phases involves gathering data from whois, DNS,and network scanning, which helps in mapping a target network and provides valuableinformation regarding the operating system and applications running on the systems?

A. Post-attack phase
B. Attack phase
C. Pre-attack phase
D. On-attack phase

Question # 29

Which protocol would need to be available on a target in order for Nmap to identify serviceslike IMAPS and POP3S?

A. HTTPS
B. SSL
C. LDAP
D. TLS

Question # 30

You want to search the Apache Web server having version 2.0 using google hacking. Which of the following search queries will you use?

A. intitle:Sample.page.for.Apache Apache.Hook.Function 
B. intitle:"Test Page for Apache Installation" "It worked!" 
C. intitle:test.page "Hey, it worked !" "SSl/TLS aware"
D. intitle:"Test Page for Apache Installation" "You are free"

Question # 31

Which of the following tools can be used to automate the MITM attack?

A. Hotspotter
B. Airjack
C. Kismet
D. IKECrack 

Question # 32

You run the following bash script in Linux:for i in 'cat hostlist.txt' ;do nc -q 2 -v $i 80 < request.txt done where, hostlist.txt file containsthe list of IP addresses and request.txt is the output file.Which of the following tasks do you want to perform by running this script?

A. You want to perform port scanning to the hosts given in the IP address list.
B. You want to transfer file hostlist.txt to the hosts given in the IP address list.
C. You want to perform banner grabbing to the hosts given in the IP address list.
D. You want to put nmap in the listen mode to the hosts given in the IP address list.

Question # 33

Which of the following Web authentication techniques uses a single sign-on scheme? 

A. NTLM authentication
B. Microsoft Passport authentication
C. Basic authentication
D. Digest authentication

Question # 34

Which of the following statements are true about firewalking? Each correct answer represents a complete solution. Choose all that apply. 

A. To use firewalking, the attacker needs the IP address of the last known gateway beforethe firewall and the IP address of a host located behind the firewall.
B. Firewalking works on the UDP packets.
C. In this technique, an attacker sends a crafted packet with a TTL value that is set toexpire one hop past the firewall.
D. A malicious attacker can use firewalking to determine the types of ports/protocols thatcan bypass the firewall.

Question # 35

John works as a Penetration Tester in a security service providing firm named you-aresecure Inc.Recently, John's company has got a project to test the security of a promotional Websitewww.missatlanta.com and assigned the pen-testing work to John. When John is performingpenetration testing, he inserts the following script in the search box at the company homepage:<script>alert('Hi, John')</script>After pressing the search button, a pop-up box appears on his screen with the text - "Hi,John."Which of the following attacks can be performed on the Web site tested by john whileconsidering the above scenario?

A. Replay attack
B. Buffer overflow attack
C. CSRF attack
D. XSS attack

Question # 36

You want to perform an active session hijack against Secure Inc. You have found a targetthat allows Telnet session. You have also searched an active session due to the high levelof traffic on the network. What should you do next?

A. Use a sniffer to listen network traffic.
B. Use macoff to change MAC address.
C. Guess the sequence numbers.
D. Use brutus to crack telnet password. 

Question # 37

John works as a professional Ethical Hacker. He has been assigned a project to test thesecurity of www.we-are-secure.com. He performs Web vulnerability scanning on the Weare-secure server.The output of the scanning test is as follows:C:\whisker.pl -h target_IP_address-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - == Host: target_IP_address= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22+ 200 OK: HEAD /cgi-bin/printenvJohn recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in theWe_are_secure server. Which of the following statements about 'Printenv' vulnerability aretrue?Each correct answer represents a complete solution. Choose all that apply

A. 'Printenv' vulnerability maintains a log file of user activities on the Website, which maybe useful for the attacker.
B. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
C. This vulnerability helps in a cross site scripting attack.
D. With the help of 'printenv' vulnerability, an attacker can input specially crafted linksand/or other malicious scripts.

Question # 38

Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?

A. A3-07-B9-E3-BC-F9
B. F936.28A1.5BCD.DEFA 
C. 1011-0011-1010-1110-1100-0001 
D. 132.298.1.23

Question # 39

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests.What type of scanning will you perform to accomplish the task?

A. Idle scan  
B. TCP SYN scan
C. Ping sweep scan
D. XMAS scan

Question # 40

Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases? 

A. Fragroute
B. Absinthe
C. Stick
D. ADMutate

Question # 41

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

A. Implement WEP
B. Implement WPA
C. Don't broadcast SSID
D. Implement MAC filtering 

Question # 42

You want to create a binary log file using tcpdump. Which of the following commands willyou use?

A. tcpdump -B
B. tcpdump -dd
C. tcpdump -w
D. tcpdump –d 

Question # 43

Which of the following tasks can be performed by using netcat utility?Each correct answer represents a complete solution. Choose all that apply.

A. Firewall testing
B. Creating a Backdoor
C. Port scanning and service identification
D. Checking file integrity

Question # 44

Which of the following tools can be used to perform Windows password cracking, Windows enumeration, and VoIP session sniffing?

A. L0phtcrack
B. John the Ripper
C. Cain
D. Pass-the-hash toolkit 

Question # 45

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com Website. The we-are-secure.com Web server is using Linux operating system. When you port scanned the we-are-secure.com Web server, you got that TCP port 23, 25, and 53 are open. When you tried to telnet to port 23, you got a blank screen in response. When you tried to type the dir, copy, date, del, etc. commands you got only blank spaces or underscores symbols on the screen. What may be the reason of such unwanted situation?

A. The we-are-secure.com server is using honeypot.
B. The telnet session is being affected by the stateful inspection firewall.
C. The telnet service of we-are-secure.com has corrupted.
D. The we-are-secure.com server is using a TCP wrapper. 

Question # 46

Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack? 

A. Whishker
B. SARA
C. Nmap
D. Nessus 

Question # 47

You have just set up a wireless network for customers at a coffee shop. Which of thefollowing are good security measures to implement?Each correct answer represents a complete solution. Choose two.

A. MAC filtering the router
B. Using WPA encryption
C. Using WEP encryption
D. Not broadcasting SSID

Question # 48

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime. Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?

A. FTK Imager
B. FAU
C. Device Seizure
D. Galleta 

Question # 49

A pen tester is able to pull credential information from memory on a Windows system. Based on the command and output below, what advantage does this technique give a penetration tester when trying to access another windows system on the network?   

A. The technique is more effective through perimeter firewalls than otherauthentication attacks. 
B. It allows the tester to escalate the privilege level of the account, 
C. Access to the system can be gained without password guessing or cracking. 
D. Salts are removed from the hashes to allow for faster, offline cracking 

Question # 50

You work as an Administrator for Bluesky Inc. The company has 145 Windows XPProfessional client computers and eighty Windows 2003 Server computers. You want toinstall a security layer of WAP specifically designed for a wireless environment. You alsowant to ensure that the security layer provides privacy, data integrity, and authentication forclient-server communications over a wireless network. Moreover, you want a client andserver to be authenticated so that wireless transactions remain secure and the connectionis encrypted. Which of the following options will you use to accomplish the task?

A. Wired Equivalent Privacy (WEP)
B. Virtual Private Network (VPN)
C. Wireless Transport Layer Security (WTLS)
D. Recovery Console

Question # 51

Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends large number of unsolicited commercial e-mail (UCE) messages on these addresses. Which of the following e-mail crimes is Peter committing? 

A. E-mail Spam
B. E-mail Storm
C. E-mail spoofing
D. E-mail bombing 

Question # 52

John works as an Ethical Hacker for uCertify Inc. He wants to find out the ports that areopen in uCertify's server using a port scanner. However, he does not want to establish afull TCP connection. Which of the following scanning techniques will he use to accomplishthis task?

A. TCP FIN 
B. Xmas tree 
C. TCP SYN/ACK 
D. TCP SYN 

Question # 53

Analyze the output of the two commands below: Which of the following can be factually inferred from the results of these commands?

A. The router 192.16S.U6.1 is filtering UDP traceroute.
B. The host 10.63.104.1 is silently dropping UDP packets.
C. The host 10.63.104.1 is not issuing ICMP packets.
D. The router 10 63.104 206 is dropping ICMP traceroute.

Question # 54

Analyze the screenshot below. What type of vulnerability is being attacked? 

A. Windows Server service 
B. Internet Explorer 
C. Windows Powershell 
D. Local Security Authority 

Question # 55

Which of the following tools can be used as a Linux vulnerability scanner that is capable ofidentifying operating systems and network services?Each correct answer represents a complete solution. Choose all that apply.

A. Cheops
B. Fport
C. Elsave
D. Cheops-ng

Question # 56

Based on the partial appdefstrig rile listed below, which port scan signature is classified by AMap as harmful?

A. smtp 
B. netbios-session 
C. http-trace 
D. ms-remote-desktop-protocol 

Question # 57

192.168.116.9 Is an IP address forvvww.scanned-server.com. Why are the results from the two scans, shown below, different?

A. John.pot 
B. John conf 
C. John.rec 
D. John.ini 

Question # 58

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He enters a single quote in the input field of the login page of the Weare- secure Web site and receives the following error message: Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14' This error message shows that the We-are-secure Website is vulnerable to __________.

A. A SQL injection attack
B. A Denial-of-Service attack
C. A buffer overflow
D. An XSS attack 

Question # 59

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com network. Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability? Each correct answer represents a complete solution. Choose two. 

A. Close port TCP 53. 
B. Change the default community string names. 
C. Upgrade SNMP Version 1 with the latest version.
D. Install antivirus. 

Question # 60

Given the following Scapy information, how is default Layer 2 information derived? 

A. The default layer 2 information is contained in a local scapy.cfg configuration fileon the local system. 
B. If not explicitly defined, the Ether type field value Is created using the hex value ofthe destination port, in this case 80 
C. If not explicitly defined, pseudo-random values are generated for the Layer 2 defaultinformation. 
D. Scapy relies on the underlying operating system to construct Layer 2 information touse as default. 

Question # 61

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-aresecure server. Which of the following are countermeasures against a brute force attack? Each correct answer represents a complete solution. Choose all that apply.

A. The site should use CAPTCHA after a specific number of failed login attempts. 
B. The site should restrict the number of login attempts to only three times. 
C. The site should force its users to change their passwords from time to time. 
D. The site should increase the encryption key length of the password. 

Question # 62

Analyze the command output below. What action is being performed by the tester? 

A. Creating user accounts on 10.0.1.4 and testing privileges 
B. Collecting password hashes for users on 10.0.1.4 
C. Attempting to exploit windows File and Print Sharing service 
D. Gathering Security identifiers for accounts on 10.0.1.4 

Question # 63

How many bits does SYSKEY use for encryption?

A. 32
B. 64 
C. 512
D. 128

Question # 64

Which of the following are the countermeasures against WEP cracking? Each correct answer represents a part of the solution. Choose all that apply. 

A. Using a 16 bit SSID
B. Changing keys often. 
C. Using the longest key supported by hardware. 
D. Using a non-obvious key.

Question # 65

Which of the following attacks can be overcome by applying cryptography?

A. Web ripping
B. Sniffing
C. DoS 
D. Buffer overflow 

Question # 66

The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS? Each correct answer represents a complete solution. Choose all that apply

A. It is supported by all manufacturers of wireless LAN hardware and software. 
B. It uses a public key certificate for server authentication. 
C. It uses password hash for client authentication. 
D. It provides a moderate level of security. 

Question # 67

Adam, a malicious hacker, hides a hacking tool from a system administrator of his company by using Alternate Data Streams (ADS) feature. Which of the following statements is true in context with the above scenario?

A. Alternate Data Streams is a feature of Linux operating system. 
B. Adam's system runs on Microsoft Windows 98 operating system.
C. Adam is using FAT file system. 
D. Adam is using NTFS file  system.

Question # 68

Fill in the blanks with the appropriate protocol. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE___ encryption protocol created to replace both TKIP and WEP.

Question # 69

You work as an IT Technician for uCertify Inc. You have to take security measures for the You work as an IT Technician for uCertify Inc. You have to take security measures for the

A. MAC Filtering
B. SSID
C. RAS
D. WEP 

Question # 70

Which of the following password cracking tools can work on the Unix and Linux environment?

A. Brutus
B. Cain and Abel 
C. Ophcrack
D. John the Ripper

Question # 71

Which of the following are the drawbacks of the NTLM Web authentication scheme? Each correct answer represents a complete solution. Choose all that apply. 

A. It can be brute forced easily. 
B. It works only with Microsoft Internet Explorer
B. It works only with Microsoft Internet Explorer
D. The password is sent in hashed format to the Web server. 

Question # 72

LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to the Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password seven characters or less, the second half of the LM hash is always

A. 0xBBD3B435B51504FF 
B. 0xAAD3B435B51404FF 
C. 0xBBC3C435C51504EF 
D. 0xAAD3B435B51404EE

Question # 73

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?

A. Port 135 is filtered, port 139 is open.  
B. Pons 135 and 139 are filtered. 
C. Ports 139 and 135 are open. 
D. Port 139 is closed, port 135 is open 

Question # 74

Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings,blogs, DNS listings, and Web pages. He then sends large number of unsolicitedcommercial e-mail (UCE) messages on these addresses. Which of the following e-mailcrimes is Peter committing?

A. E-mail spoofing
B. E-mail Spam
C. E-mail bombing
D. E-mail Storm

Question # 75

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while others do not An example of this is shown in the picture below Which of the following best describes why tins is happening?    

A. Netcat cannot properly interpret certain control characters or Unicode sequences. 
B. The listener executed command.com instead of cmd.exe. 
C. Another application is already running on the port Netcat is listening on. 
D. TheNetcat listener is running with system level privileges. 

Question # 76

You work as a Web developer in the IBM Inc. Your area of proficiency is PHP. Since youhave proper knowledge of security, you have bewared from rainbow attack. For mitigatingthis attack, you design the PHP code based on the following algorithm:key = hash(password + salt)for 1 to 65000 do key = hash(key + salt)Which of the following techniques are you implementing in the above algorithm?

A. Key strengthening
B. Hashing
C. Sniffing
D. Salting

Question # 77

What happens when you scan a broadcast IP address of a network?Each correct answer represents a complete solution. Choose all that apply.

A. It will show an error in the scanning process.
B. Scanning of the broadcast IP address cannot be performed.
C. It may show smurf DoS attack in the network IDS of the victim.
D. It leads to scanning of all the IP addresses on that subnet at the same time.