Vous allez choisir Pass4Test après essayer une partie de Q&A GIAC GPEN (gratuit à télécharger). Le guide d'étude produit par Pass4Test est une assurance 100% à vous aider à réussir le test Certification GIAC GPEN.
L'équipe de Pass4Test se composant des experts dans le domaine IT. Toutes les Q&As sont examinées par nos experts. Les Q&As offertes par Pass4Test sont réputées pour sa grande couverture ( presque 100%) et sa haute précision. Vous pouvez trouver pas mal de sites similaires que Pass4Test, ces sites peut-être peuvent vous offrir aussi les guides d'études ou les services en ligne, mais on doit admettre que Pass4Test peut être la tête de ces nombreux sites. La mise à jour, la grande couverture des questions, la haute précision des réponses nous permettent à augmenter le taux à réussir le test Certification GIAC GPEN. Tous les points mentionnés ci-dessus seront une assurance 100% pour votre réussite de test Certification GIAC GPEN.
Nous assurons seulement le succès de test certification, mais encore la mise à jour est gratuite pour vous. Si vous ne pouvez pas passer le test, votre argent sera 100% rendu. Toutefois, cette possibilité n'est presque pas de se produire. Vous pouvez tout d'abord télécharger le démo gratuit pour prendre un essai.
Bien qu'Il y ait plein de talentueux dans cette société, il manque beaucoup de professionnels dans les domaine en cours de développement, l'Industrie IT est l'un de ces domaines. Donc le test GIAC GPEN est un bon l'examination de technique informatique. Pass4Test est un site d'offrir la formation particulière au test GIAC GPEN.
Code d'Examen: GPEN
Nom d'Examen: GIAC (GIAC Certified Penetration Tester)
Questions et réponses: 384 Q&As
Vous aurez une assurance 100% à réussir le test GIAC GPEN si vous choisissez le produit de Pass4Test. Si malheuresement, vous ne passerez pas le test, votre argent seront tout rendu.
GPEN Démo gratuit à télécharger: http://www.pass4test.fr/GPEN.html
NO.1 TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the
target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker
and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port
will drop the packet. Which of the following operating systems can be easily identified with the help of TCP
FIN scanning.?
A. Solaris
B. Red Hat
C. Windows
D. Knoppix
Answer: C
GIAC certification GPEN GPEN
NO.2 Which of the following are the limitations for the cross site request forgery (CSRF) attack?
Each correct answer represents a complete solution. Choose all that apply.
A. The target site should have limited lifetime authentication cookies.
B. The attacker must target a site that doesn't check the referrer header.
C. The target site should authenticate in GET and POST parameters, not only cookies.
D. The attacker must determine the right values for all the form inputs.
Answer: B,D
GIAC GPEN GPEN GPEN
NO.3 Which of the following attacks is a form of active eavesdropping in which the attacker makes
independent connections with the victims and relays messages between them, making them believe that
they are talking directly to each other over a private connection, when in fact the entire conversation is
controlled by the attacker?
A. DoS
B. Sniffing
C. Man-in-the-middle
D. Brute force
Answer: C
certification GIAC GPEN GPEN GPEN GPEN GPEN
NO.4 A Web developer with your company wants to have wireless access for contractors that come in to work
on various projects. The process of getting this approved takes time. So rather than wait, he has put his
own wireless router attached to one of the network ports in his department. What security risk does this
present?
A. An unauthorized WAP is one way for hackers to get into a network.
B. It is likely to increase network traffic and slow down network performance.
C. This circumvents network intrusion detection.
D. None, adding a wireless access point is a common task and not a security risk.
Answer: A
certification GIAC GPEN GPEN examen GPEN examen GPEN
NO.5 Which of the following statements are true about MS-CHAPv2?
Each correct answer represents a complete solution. Choose all that apply.
A. It is a connectionless protocol.
B. It can be replaced with EAP-TLS as the authentication mechanism for PPTP.
C. It provides an authenticator-controlled password change mechanism.
D. It is subject to offline dictionary attacks.
Answer: B,C,D
GIAC GPEN GPEN GPEN examen
NO.6 You work as a Network Administrator for Net World International. The company has a Windows Active
Directory-based single domain single forest network. The functional level of the forest is Windows Server
2003. There are ten Sales Managers in the company. The company has recently provided laptops to all its
Sales Managers. All the laptops run Windows XP Professional. These laptops will be connected to the
company's network through wireless connections. The company's management wants to implement
Shared Key authentication for these laptops. When you try to configure the network interface card of one
of the laptops for Shared Key authentication, you find no such option. What will you do to enable Shared
Key authentication?
A. Install PEAP-MS-CHAP v2
B. Install Service Pack 1
C. Enable WEP
D. Install EAP-TLS
Answer: C
GIAC certification GPEN GPEN GPEN examen GPEN
NO.7 Which of the following is NOT an example of passive footprinting?
A. Scanning ports.
B. Analyzing job requirements.
C. Performing the whois query.
D. Querying the search engine.
Answer: A
GIAC examen GPEN examen GPEN examen
NO.8 Which of the following tools is used to verify the network structure packets and confirm that the packets
are constructed according to specification?
A. EtherApe
B. Snort decoder
C. AirSnort
D. snort_inline
Answer: B
GIAC examen certification GPEN GPEN
NO.9 Adam works on a Linux system. He is using Sendmail as the primary application to transmit emails.
Linux uses Syslog to maintain logs of what has occurred on the system. Which of the following log files
contains e-mail information such as source and destination IP addresses, date and time stamps etc?
A. /log/var/logd
B. /var/log/logmail
C. /log/var/mailog
D. /var/log/mailog
Answer: D
GIAC certification GPEN certification GPEN GPEN examen GPEN
NO.10 Which of the following statements are true about WPA?
Each correct answer represents a complete solution. Choose all that apply.
A. WPA-PSK converts the passphrase into a 256-bit key.
B. WPA provides better security than WEP.
C. WPA-PSK requires a user to enter an 8-character to 63-character passphrase into a wireles s client.
D. Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used.
Answer: A,B,C,D
certification GIAC GPEN certification GPEN
NO.11 You want to integrate the Nikto tool with nessus vulnerability scanner. Which of the following steps will
you take to accomplish the task?
Each correct answer represents a complete solution. Choose two.
A. Restart nessusd service.
B. Place nikto.pl file in the /var/www directory.
C. Place nikto.pl file in the /etc/nessus directory.
D. Place the directory containing nikto.pl in root's PATH environment variable.
Answer: A,D
GIAC GPEN GPEN examen GPEN examen
NO.12 Which of the following are the scanning methods used in penetration testing?
Each correct answer represents a complete solution. Choose all that apply.
A. Vulnerability
B. Port
C. Network
D. Services
Answer: A,B,C
GIAC GPEN examen GPEN examen GPEN
NO.13 Which of the following types of cyber stalking damage the reputation of their victim and turn other
people against them by setting up their own Websites, blogs or user pages for this purpose?
A. Encouraging others to harass the victim
B. False accusations
C. Attempts to gather information about the victim
D. False victimization
Answer: B
certification GIAC certification GPEN GPEN examen
NO.14 An executive in your company reports odd behavior on her PDA. After investigation you discover that a
trusted device is actually copying data off the PDA. The executive tells you that the behavior started
shortly after accepting an e-business card from an unknown person. What type of attack is this?
A. Session Hijacking
B. PDA Hijacking
C. Privilege Escalation
D. Bluesnarfing
Answer: D
certification GIAC certification GPEN GPEN certification GPEN
NO.15 Which of the following options holds the strongest password?
A. california
B. $#164aviD
没有评论:
发表评论