GPEN GIAC Penetration Tester Free Practice Exam Questions (2025 Updated)

Page: 3 / 6
Total 385 questions

Which of the following is a method of gathering user names from a Linux system?

A. Displaying the owner information of system-specific binaries
B. Reviewing the contents of the system log files
C. Gathering listening services from the xinetd configuration files
D. Extracting text strings from the system password file

All of the following are advantages of using the Metasploit priv module for dumping hashes from a local Windows machine EXCEPT:

A. Doesn't require SMB or NetBIOS access to the target machine
B. Can run inside of a process owned by any user
C. Provides less evidence for forensics investigators to recover
D. LSASS related reboot problems aren't an issue

When sniffing wireless frames, the interface mode plays a key role in successfully collecting traffic. Which mode or modes are best used for sniffing wireless traffic?

A. Master Ad-hoc
B. RFMON
C. RFMON, Ad-hoc
D. Ad-hoc

What is the purpose of the following command?

C:\>wmic /node:[target IP] /user:[admin-user] /password:[password] process call create [command]

A. Running a command on a remote Windows machine
B. Creating a service on a remote Windows machine
C. Creating an admin account on a remote Windows machine
D. Listing the running processes on a remote Windows machine

Identify the network activity shown below:

A. A sweep of available hosts on the local subnet
B. A flood of the local switch's CAM table.
C. An attempt to disassociate wireless clients.
D. An attempt to impersonate the local gateway

You are pen testing a Windows system remotely via a raw netcat shell. You want to quickly change directories to where the Windows operating system resides. What command could you use?

A. cd systemroot
B. cd-
C. cd /systemroot/
D. cd %systemroot%

You've been asked to test a non-transparent proxy to make sure it is working. After confirming the browser is correctly pointed at the proxy, you try to browse a web site. The browser indicates it is "loading" but never displays any part of the page. Checking the proxy, you see a valid request in the proxy from your browser. Checking the response to the proxy, you see the results displayed in the accompanying screenshot. Which of the following answers is the most likely reason the browser hasn't displayed the page yet?

A. The proxy is likely hung and must be restarted.
B. The proxy is configured to trap responses.
C. The proxy is configured to trap requests.
D. The site you are trying to reach is currently down.

ACME corporation has decided to set up a wireless (IEEE 802.11) network in its sales branch in Tokyo and found that channels 1, 6, 9, 11 are in use by the neighboring offices. Which is the best channel they can use?

A. 4
B. 5
C. 10
D. 2

Which Metasploit payload includes simple upload and download functionality for moving files to and from compromised systems?

A. DLL inject
B. Upexec
C. Meterpreter
D. Vncinject

What problem occurs when executing the following command from within a netcat raw shell? sudo cat /etc/shadow

A. Sudo does not work at all from a shell
B. Sudo works fine if the user and command are both in the /etc/sudoers file
C. The display blanks after typing the sudo command
D. You will not be able to type the password at the password prompt

Raw netcat shells and telnet terminals share which characteristic?

A. Ability to send commands to a target machine.
B. Ability to adapt output to the size of display window
C. Shells and terminals are exactly the same.
D. Ability to process standard output control sequences.

Analyze the screenshot below. What type of vulnerability is being attacked?

A. Windows Server service
B. Internet Explorer
C. Windows PowerShell
D. Local Security Authority

What is the purpose of the following command:

nc.exe -I -p 2222 -e cmd.exe

A. It is used to start a persistent listener linked to cmd.exe on port 2222 TCP
B. It is used to start a listener linked to cmd.exe on port 2222 TCP
C. It is used to start a listener linked to cmd.exe on port 2222 UDP
D. It is used to start a persistent listener linked to cmd.exe on port 2222 UDP

What is the main difference between LANMAN and NTLMv1 challenge/responses?

A. NTLMv1 only pads IS bytes, whereas LANMAN pads to 21 bytes
B. NTLMv1 starts with the NT hash, whereas LANMAN starts with the LANMAN hash
C. NTLMv1 utilizes DES, whereas LANMAN utilizes MD4
D. NTLMv1 splits the hash into 3 eight-byte pieces, whereas LANMAN splits the hash into 3 seven-byte pieces

You are performing a wireless penetration test and are currently looking for rogue access points in one of their large facilities. You need to select an antenna that you can set up in a building and monitor the area for several days to see if any access points are turned on during the duration of the test. What type of antenna will you be selecting for this task?

A. High gain and Omni-Directional
B. High gain and Directional
C. Low gain and Omni-Directional
D. Low gain and Directional

A pen tester is able to pull credential information from memory on a Windows system. Based on the command and output below, what advantage does this technique give a penetration tester when trying to access another Windows system on the network?

A. The technique is more effective through perimeter firewalls than other authentication attacks.
B. It allows the tester to escalate the privilege level of the account.
C. Access to the system can be gained without password guessing or cracking.
D. Salts are removed from the hashes to allow for faster, offline cracking

Which of the following modes describes a wireless interface that is configured to passively grab wireless frames from one wireless channel and pass them to the operating system?

A. Monitor Mode
B. Promiscuous Mode
C. Managed Mode
D. Master Mode

You've been contracted by the owner of a secure facility to try and break into their office in the middle of the night. Your client requested photographs of any sensitive information found as proof of your accomplishments. The job you've been hired to perform is an example of what practice?

A. Penetration Testing
B. Ethical Hacking
C. Vulnerability Assessing
D. Security Auditing

John works as a Professional Ethical Hacker for we-are-secure Inc. The company is using a wireless network. John has been assigned the work to check the security of the WLAN of we-are-secure. For this, he tries to capture the traffic; however, he does not find good traffic to analyze. He has already discovered the network using the ettercap tool. Which of the following tools can he use to generate traffic so that he can crack the WEP keys and enter into the network?

A. ICMP ping flood tool
B. Kismet
C. Netstumbler
D. AirSnort

Which of the following password cracking tools can work on the Unix and Linux environment?

A. Brutus
B. Cain and Abel
C. Ophcrack
D. John the Ripper

Copyright © 2014-2025 Solution2Pass. All Rights Reserved