GPEN Online Practice Questions and Answers

Which Metasploitvncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?

A. Vncinject/find.lag

B. Vncinject/reverse.tcp

C. Vncinject/reverse-http

D. Vncinject /bind.tcp

You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company, you have gathered necessary hold-harmless and nondisclosure agreements. Which action by your group can incur criminal liability under Chapter 50a, Computer Misuse Act?

A. Exploiting vulnerable web services on internal hosts

B. Attempts at social engineering employees via telephone calls

C. Testing denial-of-service tolerance of the communications provider

D. Cracking password hashes on the corporate domain server

During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port we attempt to validate that assumption with an SSH client but our effort Is unsuccessful. It turns out that it is actually an Apache webserver listening on the port, which type of scan would have helped us to determine what service was listening on port 22?

A. Version scanning

B. Port scanning

C. Network sweeping

D. OS fingerprinting

What is the purpose of die following command:

nc.exe -I -p 2222 -e cmd.exe

A. It is used to start a persistent listener linked to cmd.exe on port 2222 TCP

B. It is used to start a listener linked to cmd.exe on port 2222 TCP

C. It is used to start a listener linked to cmd.exe on port 2222 UDP

D. It is used to start a persistent listener linked to cmd.exe on port 2222 UDP

Why is it important to have a cheat sheet reference of database system tables when performing SQL Injection?

A. This is where sites typically store sensitive information such as credit card numbers.

B. These tables contain a list of allowed database applications

C. The information in these tables will reveal details about the web application's code.

D. These tables contain metadata that can be queried to gain additional helpful information.

Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends large number of unsolicited commercial e-mail (UCE) messages on these addresses. Which of the following e-mail crimes is Peter committing?

A. E-mail spoofing

B. E-mail Spam

C. E-mail bombing

D. E-mail Storm

Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that the explicit child pornography contents are stored in the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigations in more extensive and elaborate manner?

A. Windows XP

B. Mac OS

C. MINIX 3

D. Linux

Which of the following statements are true about NTLMv1?

Each correct answer represents a complete solution. Choose all that apply.

A. It uses the LANMAN hash of the user's password.

B. It is mostly used when no Active Directory domain exists.

C. It is a challenge-response authentication protocol.

D. It uses the MD5 hash of the user's password.

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a __________.

A. Replay attack

B. Land attack

C. SQL injection attack

D. Dictionary attack

You enter the following URL on your Web browser:

http://www.we-are-secure.com/scripts/..%co%af../..%co% af../windows/system32/cmd.exe?/c+dir+c:\

What task do you want to perform?

A. Perform buffer overflow attack.

B. Perform DDoS attack.

C. View the directory list of c drive.

D. Perform DoS attack.

LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to the Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password seven characters or less, the second half of the LM hash is always __________.

A. 0xBBD3B435B51504FF

B. 0xAAD3B435B51404FF

C. 0xBBC3C435C51504EF

D. 0xAAD3B435B51404EE

Which of the following can be used to mitigate the evil twin phishing attack?

A. Magic Lantern

B. Obiwan

C. IPSec VPN

D. SARA

Which of the following is the most common method for an attacker to spoof email?

A. Back door

B. Replay attack

C. Man in the middle attack

D. Open relay

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: Which of the following tools is John using to crack the wireless encryption keys?

A. Kismet

B. AirSnort

C. Cain

D. PsPasswd

Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

A. Internet layer

B. Application layer

C. Transport Layer

D. Link layer