Cyber Monday Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GIAC GPEN - GIAC Penetration Tester

GIAC GPEN Premium Access     Download Demo    
Page: 4 / 12
Total 385 questions

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

A.

Nmap --script-output -script-SSH-hostkey.nse 155.65.3.221 -p 22

B.

Nmap --script-trace --script-ssh-hostkey.nse 155.65.3.221 -p 22

C.

Nmap -script-verbose --scrlpr-ssh-hostkey.nse 155.65.3.221 -p 22

D.

Nmap -v --script=ssh-hostkey.nse 155.65.3.221 -p 22

What concept do Rainbow Tables use to speed up password cracking?

A.

Fast Lookup Crack Tables

B.

Memory Swap Trades

C.

Disk Recall Cracking

D.

Time-Memory Trade-off

You are pen testing a network and have shell access to a machine via Netcat. You try to use ssh to access another machine from the first machine. What is the expected result?

A.

The ssh connection will succeed If you have root access on the intermediate

machine

B.

The ssh connection will fail

C.

The ssh connection will succeed

D.

The ssh connection will succeed if no password required

While scanning a remote system that is running a web server with a UDP scan and monitoring the scan with a sniffer, you notice that the target is responding with ICMP Port Unreachable only once a second What operating system is the target likely running?

A.

Linux

B.

Windows

C.

OpenBSD

D.

Mac OS X

What problem occurs when executing the following command from within a netcat raw shell? sudo cat /etc/shadow

A.

Sudo does not work at all from a shell

B.

Sudo works fine if the user and command are both in the /etc/sudoers file

C.

The display blanks after typing the sudo command

D.

You will not be able to type the password at the password prompt

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which of the mode or modes are best used for sniffing wireless traffic?

A.

Master Ad-hoc

B.

RFMON

C.

RFMON. Ad-hoc

D.

Ad-hoc

How can web server logs be leveraged to perform Cross-Site Scripting (XSSI?

A.

Web logs containing XSS may execute shell scripts when opened In a GUI textbrowser

B.

XSS attacks cause web logs to become unreadable and therefore are an effective DOS attack.

C.

If web logs are viewed in a web-based console, log entries containing XSS mayexecute on the browser.

D.

When web logs are viewed in a terminal. XSS can escape to the shell and executecommands.

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent backdoor you realize that you will need to change the modified and access times of the files to ensure that the administrator can't see the changes you made. Which Meterpreter module would you need to load in order to do this?

A.

Core

B.

Priv

C.

Stdapi

D.

Browser

Why is OSSTMM beneficial to the pen tester?

A.

It provides a legal and contractual framework for testing

B.

It provides in-depth knowledge on tools

C.

It provides report templates

D.

It includes an automated testing engine similar to Metasploit

While performing an assessment on a banking site, you discover the following link:

hnps://mybank.com/xfer.aspMer_toMaccount_number]&amount-[dollars]

Assuming authenticated banking users can be lured to your web site, which crafted html tag may be used to launch a XSRF attack?

A.

B.

alert('hnps:/'mybank.com/xfer.a$p?xfer_io-[attacker_account]&amoutn-[dollars]')

C.

document.\write('hTtp$://mybankxom/xfer.a$p?xfer_to-[attacker.accountl

&amount-[dollars)

D.