Free GPEN Sample Questions:

Q: 1
What happens when you scan a broadcast IP address of a network?
Each correct answer represents a complete solution. Choose all that apply.
A. It may show smurf DoS attack in the network IDS of the victim.
B. Scanning of the broadcast IP address cannot be performed.
C. It leads to scanning of all the IP addresses on that subnet at the same time.
D. It will show an error in the scanning process.
Answer: A,C

Q: 2
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?
A. Session hijacking
B. Port scanning
C. Man-in-the-middle
D. ARP spoofing
Answer: D

Q: 3
Which of the following penetration testing phases involves gathering data from whois, DNS, and network scanning, which helps in mapping a target network and provides valuable information regarding the operating system and applications running on the systems?
A. On-attack phase
B. Attack phase
C. Post-attack phase
D. Pre-attack phase
Answer: D

Q: 4
You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com Website. The Web server is using the Linux operating system. When you port scanned the Web server, you found that TCP ports 23, 25, and 53 are open. When you tried to telnet to port 23, you got a blank screen in response. When you tried to type the dir, copy, date, del, etc. commands, you got only blank spaces or underscore symbols on the screen. What may be the reason for this situation?
A. The server is using a TCP wrapper.
B. The telnet service of has corrupted.
C. The telnet session is being affected by the stateful inspection firewall.
D. The server is using honeypot.
Answer: A

Q: 5
Which of the following tools uses exploits to break into remote operating systems?
A. Nessus
B. Metasploit framework
C. John the Ripper
D. Nmap
Answer: B

Q: 6
Which of the following tools can be used to perform Windows password cracking, Windows enumeration, and VoIP session sniffing?
A. John the Ripper
B. L0phtcrack
C. Cain
D. Pass-the-hash toolkit
Answer: C

Q: 7
You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com Web site. For this, you want to perform an idle scan so that you can find the open ports on the server. You are using the Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that the IPID is being incremented on every query, regardless of whether the ports are open or closed. Sometimes, the IPID is being incremented by more than one value. What may be the reason?
A. The zombie computer is the system interacting with some other system besides your computer.
B. The firewall is blocking the scanning process.
C. The zombie computer is not connected to the Web server.
D. Hping does not perform idle scanning.
Answer: A

Q: 8
Which of the following is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards and also detects wireless networks marking their relative position with a GPS?
A. Kismet
B. Ettercap
C. Tcpdump
D. NetStumbler
Answer: D

Q: 9
Which of the following tools is used to verify the network structure packets and confirm that the packets are constructed according to specification?
A. AirSnort
B. snort_inline
C. Snort decoder
D. EtherApe
Answer: C

Q: 10
Which of the following tools is used for vulnerability scanning and calls Hydra to launch a dictionary attack?
B. Whisker
C. Nessus
D. Nmap
Answer: C

Q: 11
John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company got a project to test the security of a promotional Website and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:
<script>alert('Hi, John')</script>
After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John."
Which of the following attacks can be performed on the Web site tested by John, considering the above scenario?
A. CSRF attack
B. Replay attack
C. Buffer overflow attack
D. XSS attack
Answer: D

Q: 12
You execute the following netcat command:
c:\target\nc -l -p 53 -d -e cmd.exe
What action do you want to perform by issuing the above command?
A. Capture data on port 53 and perform banner grabbing.
B. Listen for incoming traffic on port 53 and execute the remote shell.
C. Capture data on port 53 and delete the remote shell.
D. Listen for incoming data and perform port scanning.
Answer: B

Q: 13
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?
A. Use the mysql_real_escape_string() function for escaping input
B. Use the escapeshellarg() function
C. Use the escapeshellcmd() function
D. Use the session_regenerate_id() function
Answer: A

Q: 14
You work as a professional Ethical Hacker. You are assigned a project to perform blackhat testing on You visit the office of as an air-conditioner mechanic. You claim that someone from the office called you saying that there is some fault in the air-conditioner of the server room. After some inquiries/arguments, the Security Administrator allows you to repair the air-conditioner of the server room.
When you get into the room, you find that the server is Linux-based. You press the reboot button of the server after inserting a Knoppix Live CD in the CD drive of the server. Now, the server promptly boots back up into Knoppix. You mount the root partition of the server after replacing the root password in the /etc/shadow file with a known password hash and salt.
Further, you copy the netcat tool onto the server and install its startup files to create a reverse tunnel and move a shell to a remote server whenever the server is restarted. You simply restart the server, pull out the Knoppix Live CD from the server, and inform that the air-conditioner is working properly.
After completing this attack process, you create a security auditing report in which you mention various threats such as social engineering threat, boot from Live CD, etc. and suggest the countermeasures to stop booting from the external media and retrieving sensitive data. Which of the following steps have you suggested to stop booting from the external media and retrieving sensitive data with regard to the above scenario?
Each correct answer represents a complete solution. Choose two.
A. Setting only the root level access for sensitive data.
B. Encrypting disk partitions.
C. Placing BIOS password.
D. Using password protected hard drives.
Answer: B,D

Q: 15
Which of the following attacks can be overcome by applying cryptography?
A. DoS
B. Buffer overflow
C. Sniffing
D. Web ripping
Answer: C

© 2014, All Rights Reserved