最新的GIAC GPEN免費考試真題

問題1

You have been contracted to perform a black box pen test against the Internet facing servers for a company. They want to know, with a high level of confidence, if their servers are vulnerable to external attacks. Your contract states that you can use all tools available to you to pen test the systems. What course of action would you use to generate a report with the lowest false positive rate?

A. Use a vulnerability or port scanner to find listening services and then try to exploitthose services.

B. Log into the system and record the patch levels of each service then generate areport that lists known vulnerabilities for all the running services.

C. Use a vulnerability scanner to generate a report of vulnerable services.

D. Use a port scanner to find open service ports and generate a report listing allvulnerabilities associated with those listening services.

正確答案: A

問題2

What is the purpose of die following command:
nc.exe -I -p 2222 -e cmd.exe

A. It is used to start a listener linked to cmd.exe on port 2222 TCP

B. It is used to start a persistent listener linked to cmd.exe on port 2222 TCP

C. It is used to start a listener linked to cmd.exe on port 2222 UDP

D. It is used to start a persistent listener linked to cmd.exe on port 2222 UDP

正確答案: C

問題3

Mark works as a Network Administrator for NetTech Inc. Several employees of the company work from the remote locations. The company provides a dial-up connection to employees to connect to the company's network using remote access service. Mark wants to implement call back feature for the employees who are dialing for long distance. Which of the following protocols will he use for remote access services to accomplish the task?

A. SLIP

B. UDP

C. WEP

D. PPP

正確答案: D

問題4

Raw netcat shells and telnet terminals share which characteristic?

A. Ability to adapt output to the size of display window

B. Ability to process standard output control sequences.

C. Shells and terminals are exactly the same.

D. Ability to send commands to a target machine.

正確答案: B

說明：（僅 Fast2test 成員可見）

問題5

You work as a Network Administrator in the Secure Inc. Your company is facing various network attacks due to the insecure wireless network. You are assigned a task to secure your wireless network. For this, you have turned off broadcasting of the SSID. However, the unauthorized users are still able to connect to the wireless network. Which of the following statements can be the reason for this issue?
Each correct answer represents a complete solution. Choose all that apply.

A. You have forgotten to turn off DHCP.

B. You are using the default SSID.

C. You are using WPA2 security scheme.

D. The SSID is still sent inside both client and AP packets.

正確答案: A,B,D

問題6

Why is OSSTMM beneficial to the pen tester?

A. It includes an automated testing engine similar to Metasploit

B. It provides a legal and contractual framework for testing

C. It provides in-depth knowledge on tools

D. It provides report templates

正確答案: D

說明：（僅 Fast2test 成員可見）

問題7

Which of the following ports is used for NetBIOS null sessions?

A. 143

B. 130

C. 139

D. 131

正確答案: C

問題8

192.168.116.9 Is an IP address forvvww.scanned-server.com. Why are the results from the two scans, shown below, different?

A. John.rec

B. John.ini

C. John conf

D. John.pot

正確答案: A

問題9

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent backdoor you realize that you will need to change the modified and access times of the files to ensure that the administrator can't see the changes you made. Which Meterpreter module would you need to load in order to do this?

A. Stdapi

B. Core

C. Priv

D. Browser

正確答案: D

問題10

Which of the following tools is used to make fake authentication certificates?

A. WinSSLMiM

B. Netcat

C. Obiwan

D. Brutus

正確答案: A

最新的GIAC Certified Penetration Tester - GPEN免費考試真題

聯系我們

站內鏈接

最新更新