Free GIAC GPEN Practice Exam with Questions & Answers | Set: 9

Questions 81

You've been contracted by the owner of a secure facility to try and break into their office in the middle of the night. Your client requested photographs of any sensitive information found as proof of your accomplishments. The job you've been hired to perform is an example of what practice?

Options:
A. Penetration Testing

B. Ethical Hacking

C. Vulnerability Assessing

D. Security Auditing

Questions 82

Which Metasploit vncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?

Options:
A. Vncinject/find_tag

B. Vncinject/reverse_tcp

C. Vncinject/reverse_http

D. Vncinject/bind_tcp

Questions 83

You are running a vulnerability scan on a remote network and the traffic is not making it to the target system. You investigate the connection issue and determine that the traffic is making it to the internal interface of your network firewall, but not making it to the external interface or to any systems outside your firewall. What is the most likely problem?

Options:
A. Your network firewall is blocking the traffic

B. The NAT or PAT tables on your network-based firewall are filling up and dropping the traffic

C. A host-based firewall is blocking the traffic

D. Your ISP is blocking the traffic

Questions 84

You are performing a vulnerability assessment using Nessus and your client's printers begin printing pages of random text and showing error messages. The client is not happy with the situation. What is the best way to proceed?

Options:
A. Enable the "Skip all printers" option and re-scan

B. Ensure Safe Checks is enabled in Nessus scan policies

C. Remove printer IP addresses from your target list

D. Verify printers are in scope and tell the client in-progress scans cannot be stopped

Questions 85

You are conducting a penetration test for a private company located in the UK. The scope extends to all internal and external hosts controlled by the company. You have gathered necessary hold-harmless and non-disclosure agreements. Which action by your group can incur criminal liability under the Computer Misuse Act of 1990?

Options:
A. Sending crafted packets to internal hosts in an attempt to fingerprint the operating systems

B. Recovering the SAM database of the domain server and attempting to crack passwords

C. Installing a password sniffing program on an employee's personal computer without consent

D. Scanning open ports on internal user workstations and exploiting vulnerable applications

Questions 86

As part of a penetration test, your team is tasked with discovering vulnerabilities that could be exploited from an inside threat vector. Which of the following activities fall within that scope?

Options:
A. SQL injection attacks against the HR intranet website.

B. A competitor's employees scanning the company's website.

C. Wireless "war driving" the company manufacturing site.

D. Running a Nessus scan from the sales department network.

E. B, C, and D

F. A, B, and D

G. B and D

Questions 87

When DNS is being used for load balancing, why would a penetration tester choose to identify a scan target by its IP address rather than its host name?

Options:
A. A single IP may have multiple domains.

B. A single domain name can only have one IP address.

C. Scanning tools only recognize IP addresses

D. A single domain name may have multiple IP addresses.

Questions 88

What happens when you scan a broadcast IP address of a network?

Each correct answer represents a complete solution. Choose all that apply.

Options:
A. It leads to scanning of all the IP addresses on that subnet at the same time.

B. It will show an error in the scanning process.

C. It may show smurf DoS attack in the network IDS of the victim.

D. Scanning of the broadcast IP address cannot be performed.

Questions 89

Which of the following attacks allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream?

Options:
A. SYN flood attack

B. Rainbow attack

C. Zero Day attack

D. FMS attack

Questions 90

You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?

Options:
A. Ettercap

B. Nmap

C. Netcraft

D. Ethereal