GIAC GPEN - GIAC Penetration Tester

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the preattack phase to check the security of the We-are-secure network:

l Gathering information

l Determining the network range

l Identifying active systems

Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

Ryan wants to create an ad hoc wireless network so that he can share some important files with another employee of his company. Which of the following wireless security protocols should he choose for setting up an ad hoc wireless network?

Each correct answer represents a part of the solution. Choose two.

Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?

Which of the following attacks can be overcome by applying cryptography?

The scope of your engagement is to include a target organization located in California with a /24 block of addresses that they claim to completely own. Which site could you utilize to confirm that you have been given accurate information before starting reconnaissance activities?

You want to search the Apache Web server having version 2.0 using google hacking. Which of the following search queries will you use?

Which of the following vulnerability scanner scans from CGI, IDA, Unicode, and Nimda vulnerabilities?

You want to use a Windows-based GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning. Which of the following tools will you use?

Which of the following tools is spyware that makes Windows clients send their passwords as clear text?

Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases?