GIAC GIAC Information Security GPEN Questions & Answers

• Question 371:

  You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent backdoor you realize that you will need to change the modified and access times of the files to ensure that the administrator can't see the changes you made. Which Meterpreter module would you need to load in order to do this?

  A. Core

  B. Priv

  C. Stdapi

  D. Browser

  Correct Answer: D

• Question 372:

  Which of the following describes the direction of the challenges issued when establishing a wireless (IEEE 802.11) connection?

  A. One-way, the client challenges the access point

  B. One-way, the access point challenges the client

  C. No challenges occur (or wireless connection

  D. Two-way, both the client and the access point challenge each other

  Correct Answer: D

• Question 373:

  You have gained shell on a Windows host and want to find other machines to pivot to, but the rules of engagement state that you can only use tools that are already available. How could you find other machines on the target network?

  A. Use the "ping" utility to automatically discover other hosts

  B. Use the "ping" utility in a for loop to sweep the network.

  C. Use the "edit" utility to read the target's HOSTS file.

  D. Use the "net share" utility to see who is connected to local shared drives.

  Correct Answer: B

  Reference: http://www.slashroot.in/what-ping-sweep-and-how-do-ping-sweep

• Question 374:

  A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

  A. Use the http service's PUT command to push the file onto the target machine.

  B. Use the scp service, protocol SSHv2 to pull the file onto the target machine.

  C. Use the telnet service's ECHO option to pull the file onto the target machine

  D. Use the ftp service in passive mode to push the file onto the target machine.

  Correct Answer: D

• Question 375:

  What section of the penetration test or ethical hacking engagement final report is used to detail and prioritize the results of your testing?

  A. Methodology

  B. Conclusions

  C. Executive Summary

  D. Findings

  Correct Answer: C

• Question 376:

  You are pen testing a Windows system remotely via a raw netcat shell. You want to quickly change directories to where the Windows operating system resides, what command could you use?

  A. cd systemroot

  B. cd-

  C. cd /systemroot/

  D. cd %systemroot%

  Correct Answer: C

• Question 377:

  A client with 7200 employees in 14 cities (all connected via high speed WAN connections) has suffered a major external security breach via a desktop which cost them more than SI 72.000 and the loss of a high profile client. They ask you to perform a desktop vulnerability assessment to identify everything that needs to be patched. Using Nessus you find tens of thousands of vulnerabilities that need to be patched. In the report you find workstations running several Windows OS versions and service pack levels, anti-virus software from multiple vendors several major browser versions and different versions of Acrobat Reader. Which of the following recommendations should you provide with the report?

  A. The client should standardize their desktop software

  B. The client should eliminate workstations to reduce workload

  C. The client should hire more people to catch up on patches

  D. The client should perform monthly vulnerability assessments

  Correct Answer: C

• Question 378:

  Which Metasploit payload includes simple upload and download functionality for moving files to and from compromised systems?

  A. DLL inject

  B. Upexec

  C. Meterpreter

  D. Vncinject

  Correct Answer: D

  Reference: http://www.opensourceforu.com/2011/02/metasploit-meterpreter-payload/

• Question 379:

  A junior penetration tester at your firm is using a non-transparent proxy for the first time to test a web server. He sees the web site In his browser but nothing shows up In the proxy. He tells you that he just installed the non-transparent proxy on his computer and didn't change any defaults. After verifying the proxy is running, you ask him to open up his browser configuration, as shown in the figure, which of the following recommendations will correctly allow him to use the transparent proxy with his browser?

  

  A. He should change the PORT: value to match the port used by the non-transparentproxy.

  B. He should select the checkbox "use this proxy server for all protocols" for theproxy to function correctly.

  C. He should change the HTTP PROXY value to 127.0.0.1 since the non-transparentproxy is running on the same machine as the browser.

  D. He should select NO PROXY instead of MANUAL PROXY CONFIGURATION as thissetting is only necessary to access the Internet behind protected networks.

  Correct Answer: C

• Question 380:

  ACME corporation has decided to setup wireless (IEEE 802.11) network in it's sales branch at Tokyo and found that channels 1, 6, 9,11 are in use by the neighboring offices. Which is the best channel they can use?

  A. 4

  B. 5

  C. 10

  D. 2

  Correct Answer: D