GPEN Online Practice Questions and Answers

Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?

A. Stored XSS. because it may be located anywhere within static or dynamic sitecontent

B. Stored XSS. because it depends on emails and instant messaging systems.

C. Reflected XSS. because It can only be found by analyzing web server responses.

D. Reflected XSS: because it is difficult to find within large web server logs.

You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under the computer Misuse Act of 1990?

A. Sending crafted packets to internal hosts in an attempt to fingerprint the operatingsystems

B. Recovering the SAM database of the domain server and attempting to crackpasswords

C. Installing a password sniffing program on an employee's personal computer withoutconsent

D. Scanning open ports on internal user workstations and exploiting vulnerableapplications

Why is it important to have a cheat sheet reference of database system tables when performing SQL Injection?

A. This is where sites typically store sensitive information such as credit card numbers.

B. These tables contain a list of allowed database applications

C. The information in these tables will reveal details about the web application's code.

D. These tables contain metadata that can be queried to gain additional helpful information.

You work as a professional Ethical Hacker. You are assigned a project to perform blackhat testing on www.we-are-secure.com. You visit the office of we-are-secure.com as an air-condition mechanic. You claim that someone from the office called you saying that there is some fault in the air-conditioner of the server room. After some inquiries/arguments, the Security Administrator allows you to repair the air-conditioner of the server room. When you get into the room, you found the server is Linux-based. You press the reboot button of the server after inserting knoppix Live CD in the CD drive of the server. Now, the server promptly boots backup into Knoppix. You mount the root partition of the server after replacing the root password in the /etc/shadow file with a known password hash and salt. Further, you copy the netcat tool on the server and install its startup files to create a reverse tunnel and move a shell to a remote server whenever the server is restarted. You simply restart the server, pull out the Knoppix Live CD from the server, and inform that the air-conditioner is working properly. After completing this attack process, you create a security auditing report in which you mention various threats such as social engineering threat, boot from Live CD, etc. and suggest the countermeasures to stop booting from the external media and retrieving sensitive data. Which of the following steps have you suggested to stop booting from the external media and retrieving sensitive data with regard to the above scenario? Each correct answer represents a complete solution. Choose two.

A. Setting only the root level access for sensitive data.

B. Encrypting disk partitions.

C. Placing BIOS password.

D. Using password protected hard drives.

You want to scan your network quickly to detect live hosts by using ICMP ECHO Requests. What type of scanning will you perform to accomplish the task?

A. Idle scan

B. TCP SYN scan

C. Ping sweep scan

D. XMAS scan

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. Rick, your assistant, is configuring some laptops for wireless access. For security, WEP needs to be configured for wireless communication. By mistake, Rick configures different WEP keys in a laptop than that is configured on the Wireless Access Point (WAP). Which of the following statements is true in such situation?

A. The laptop will be able to access the wireless network but the security will be compromised

B. The WAP will allow the connection with the guest account's privileges.

C. The laptop will be able to access the wireless network but other wireless devices will be unable to communicate with it.

D. The laptop will not be able to access the wireless network.

Which of the following tools allows you to download World Wide Web sites from the Internet to a local computer?

A. Netcraft

B. HTTrack

C. Netstat

D. Cheops-ng

Which of the following tools are used for footprinting?

Each correct answer represents a complete solution. Choose all that apply.

A. Brutus

B. Sam spade

C. Whois

D. Traceroute

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

A. Implement WEP

B. Implement WPA

C. Don't broadcast SSID

D. Implement MAC filtering

Which of the following options holds the strongest password?

A. Joe12is23good

B. $#164aviD^%

C. california

D. Admin1234