Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free GIAC GPEN Practice Exam with Questions & Answers | Set: 7

Questions 61

Which of the following is a WEP weakness that makes it easy to Inject arbitrary clear text packets onto a WEP network?

Options:
A.

Reversible hashes use for IVs

B.

Cryptographically weak CRC32 checksum

C.

RC4 algorithm

D.

Small key space

GIAC GPEN Premium Access
Questions 62

While scanning a remote system that is running a web server with a UDP scan and monitoring the scan with a sniffer, you notice that the target is responding with ICMP Port Unreachable only once a second What operating system is the target likely running?

Options:
A.

Linux

B.

Windows

C.

OpenBSD

D.

Mac OS X

Questions 63

Your company has decided that the risk of performing a penetration test Is too great. You would like to figure out other ways to find vulnerabilities on their systems, which of the following is MOST likely to be a valid alternative?

Options:
A.

Network scope Analysis

B.

Baseline Data Reviews

C.

Patch Policy Review

D.

Configuration Reviews

Questions 64

You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company, you have gathered necessary hold-harmless and nondisclosure agreements. Which action by your group can incur criminal liability under Chapter 50a, Computer Misuse Act?

Options:
A.

Exploiting vulnerable web services on internal hosts

B.

Attempts at social engineering employees via telephone calls

C.

Testing denial-of-service tolerance of the communications provider

D.

Cracking password hashes on the corporate domain server

Questions 65

You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while others do not An example of this is shown in the picture below Which of the following best describes why tins is happening?

GPEN Question 65

Options:
A.

Netcat cannot properly interpret certain control characters or Unicode sequences.

B.

The listener executed command.com instead of cmd.exe.

C.

Another application is already running on the port Netcat is listening on.

D.

TheNetcat listener is running with system level privileges.

Questions 66

Analyze the command output below. What action is being performed by the tester?

GPEN Question 66

Options:
A.

Creating user accounts on 10.0.1.4 and testing privileges

B.

Collecting password hashes for users on 10.0.1.4

C.

Attempting to exploit windows File and Print Sharing service

D.

Gathering Security identifiers for accounts on 10.0.1.4

Questions 67

You have compromised a Windows XP system and Injected the Meterpreter payload into the lsass process. While looking over the system you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

Options:
A.

Use the getuid command to determine the user context the process is runningunder, then use the imp command to impersonate that user.

B.

use the getpid command to determine the user context the process is runningunder, then use the Imp command to impersonate that user.

C.

Use the execute command to the passmgr executable. That will give you access to

the file.

D.

Use the migrate command to jump to the passmgr process. That will give you accessto the file.

Questions 68

Analyze the command output below, what action is being performed by the tester?

GPEN Question 68

Options:
A.

Displaying a Windows SAM database

B.

Listing available workgroup services

C.

Discovering valid user accounts

D.

Querying locked out user accounts

Questions 69

You suspect that system administrators In one part of the target organization are turning off their systems during the times when penetration tests are scheduled, what feature could you add to the ' Rules of engagement' that could help your team test that part of the target organization?

Options:
A.

Un announced test

B.

Tell response personnel the exact lime the test will occur

C.

Test systems after normal business hours

D.

Limit tests to business hours

Questions 70

In the screen shot below, which selections would you need click in order to intercept and alter all http traffic passing through OWASP ZAP?

GPEN Question 70

Options:
A.

Trap response and continue

B.

Set Break and Continue

C.

Trap request and continue

D.

Continue and drop

Exam Code: GPEN
Certification Provider: GIAC
Exam Name: GIAC Penetration Tester
Last Update: Sep 12, 2025
Questions: 385

GIAC Related Exams

How to pass GIAC GCIA - GCIA – GIAC Certified Intrusion Analyst Practice Test Exam
How to pass GIAC GCIH - GIAC Certified Incident Handler Exam
How to pass GIAC GSEC - GIAC Security Essentials Exam
GISF - GIAC Information Security Fundamentals
GSSP-NET-CSHARP - GIAC GIAC Secure Software Programmer - C#.NET
GSSP-.NET - GIAC GIAC Secure Software Programmer - C#.NET
GCFA - GIACCertified Forensics Analyst
GCPM - GIAC Certified Project Manager Certification Practice Test
GCED - GIAC Certified Enterprise Defender
GSNA - GIAC Systems and Network Auditor
GCCC - GIAC Critical Controls Certification (GCCC)
GSLC - GIAC Security Leadership Certification (GSLC)
GPPA - GIAC Certified Perimeter Protection Analyst
GASF - GIAC Advanced Smartphone Forensics
GCFR - GIAC Cloud Forensics Responder (GCFR)
GIAC Free Access
Get GIAC Full Access

GIAC Free Exams
GIAC Free Exams
Prepare for GIAC certification with free access to reliable study resources and practice tests at Examstrack.