Latest GPEN Practice Tests

Premium

GPEN Dumps - Full Mock Test

GIAC Certified Penetration Tester

385 Questions
120 MINUTES
2024-11-07 Updated

Full Access

QUESTION 31

- (Topic 4)
Which of the following is an open source Web scanner?

A. Nikto
B. GFI LANguird
C. NetRecon
D. Internet scanner

Correct Answer: A

QUESTION 32

- (Topic 2)
The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?
Each correct answer represents a complete solution. Choose all that apply.

A. It provides a moderate level of securit
B. It uses password hash for client authenticatio
C. It uses a public key certificate for server authenticatio
D. It is supported by all manufacturers of wireless LAN hardware and softwar

Correct Answer: CD

QUESTION 33

- (Topic 1)
While performing an assessment on a banking site, you discover the following link:
hnps://mybank.com/xfer.aspMer_toMaccount_number]&amount-[dollars]
Assuming authenticated banking users can be lured to your web site, which crafted html
tag may be used to launch a XSRF attack?

A. <imgsrc-"java script alert (‘document cookie'):">
B. <scripi>alert('hnps:/'mybank.com/xfer.a$p?xfer_io-[attacker_account]&amoutn-[dollars]')</script>
C. <scripr>document.\write('hTtp$://mybankxom/xfer.a$p?xfer_to-[attacker.accountl &amount-[dollars)</script>
D. <img src-'https/mybank.com/xfer.asp?xfer_to=[artacker_account]&amount= [dollars]">

Correct Answer: C

QUESTION 34

- (Topic 4)
Which of the following is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards and also detects wireless networks marking their relative position with a GPS?

A. Kismet
B. NetStumbler
C. Ettercap
D. Tcpdump

Correct Answer: B

QUESTION 35

- (Topic 1)
Which of the following best explains why you would warn to clear browser slate (history. cache, and cookies) between examinations of web servers when you've been trapping and altering values with a non-transparent proxy?

A. Values trapped and stored in the browser will reveal the techniques you've used toexamine the web server
B. Trapping and changing response values is beneficial for web site testing but usingthe same cached values in your browser will prevent you from being able to changethose value
C. Trapping and changing response values is beneficial for web site testing but willcause browser instability if not cleare
D. Values trapped and changed in the proxy, such as a cookie, will be stored by thebrowser and may impact further testin

Correct Answer: D