Which Metasploit vncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?
A. vncinject/find_tag
B. vncinject/reverse_tcp
C. vncinject/reverse_http
D. vncinject/bind_tcp

How can web server logs be leveraged to perform Cross-Site Scripting (XSS)?
A. Web logs containing XSS may execute shell scripts when opened in a GUI text browser.
B. XSS attacks cause web logs to become unreadable and therefore are an effective DoS attack.
C. If web logs are viewed in a web-based console, log entries containing XSS may execute in the browser.
D. When web logs are viewed in a terminal, XSS can escape to the shell and execute commands.

What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?
A. Salts increase the time to crack the original password by increasing the number of tables that must be calculated.
B. Salts double the total size of a rainbow table database.
C. Salts can be reversed or removed from the encoding quickly to produce unsalted hashes.
D. Salts have little effect because they can be calculated on the fly with applications such as Ophcrack.

All of the following are advantages of using the Metasploit priv module for dumping hashes from a local Windows machine EXCEPT:
A. Doesn't require SMB or NetBIOS access to the target machine
B. Can run inside of a process owned by any user
C. Provides less evidence for forensics investigators to recover
D. LSASS-related reboot problems aren't an issue
Why is OSSTMM beneficial to the pen tester?
A. It provides a legal and contractual framework for testing
B. It provides in-depth knowledge on tools
C. It provides report templates
D. It includes an automated testing engine similar to Metasploit

Which of the following tools uses exploits to break into remote operating systems?
A. Nessus
B. Metasploit framework
C. Nmap
D. John the Ripper

You want to run the nmap command that includes the host specification of 202.176.56-57.*. How many hosts will you scan?
A. 512
B. 64
C. 1024
D. 256

Which of the following is generally practiced by the police or any other recognized governmental authority?
A. Spoofing
B. Wiretapping
C. Phishing
D. SMB signing

What happens when you scan a broadcast IP address of a network?
Each correct answer represents a complete solution. Choose all that apply.
A. It leads to scanning of all the IP addresses on that subnet at the same time.
B. It will show an error in the scanning process.
C. It may show a smurf DoS attack in the network IDS of the victim.
D. Scanning of the broadcast IP address cannot be performed.
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?
Each correct answer represents a complete solution. Choose all that apply.
A. The site should increase the encryption key length of the password.
B. The site should restrict the number of login attempts to only three times.
C. The site should force its users to change their passwords from time to time.
D. The site should use CAPTCHA after a specific number of failed login attempts.