GPEN GIAC Exam Questions and Free Practice Test

Question 13

- (Topic 1)
What concept do Rainbow Tables use to speed up password cracking?

A. Fast Lookup Crack Tables

B. Memory Swap Trades

C. Disk Recall Cracking

D. Time-Memory Trade-off

Correct Answer:D
Reference:
http://en.wikipedia.org/wiki/Space–time_tradeoff

Question 14

- (Topic 1)
You are pen testing a network and have shell access to a machine via Netcat. You try to use ssh to access another machine from the first machine. What is the expected result?

A. The ssh connection will succeed If you have root access on the intermediate machine

B. The ssh connection will fail

C. The ssh connection will succeed

D. The ssh connection will succeed if no password required

Correct Answer:C

Question 15

- (Topic 2)
Which of the following is the most common method for an attacker to spoof email?

A. Back door

B. Replay attack

C. Man in the middle attack

D. Open relay

Correct Answer:D

Question 16

CORRECT TEXT - (Topic 4)
Fill in the blank with the appropriate act name.
The ____act gives consumers the right to ask emailers to stop spamming them.

Correct Answer:CAN-SPAM

Question 17

- (Topic 1)
You have been contracted to penetration test an e-mail server for a client that wants to know for sure if the sendmail service is vulnerable to any known attacks. You have permission to run any type of test, how will you proceed to give the client the most valid answer?

A. Run all known sendmail exploits against the server and see if you can compromisethe service, even if it crashed the machine or service

B. Run a banner grabbing vulnerability checker to determine the sendmail version andpatch level, then look up and report all the vulnerabilities that exist for that versionand patch level

C. Run all sendmail exploits that will not crash the server and see if you cancompromise the service

D. Log into the e-mail and determine the sendmail version and patch level, then lookup and report all the vulnerabilities that exist for that version and patch level

Correct Answer:C

Question 18

- (Topic 3)
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. John has gained the access to the network of the organization and placed a backdoor in the network. Now, he wants to clear all event logs related to previous hacking attempts. Which of the following tools can John use if we-are-secure.com is using the Windows 2000 server?
Each correct answer represents a complete solution. Choose two.

A. elsave.exe

B. WinZapper

C. AuditPol

D. Blindside

Correct Answer:AB

START GPEN EXAM