GIAC Penetration Tester

Here you have the best GIAC GPEN practice exam questions

You have 79 total questions to study from
Each page has 5 questions, making a total of 16 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on May 24, 2025
This site is not affiliated with or endorsed by GIAC.

Question 1 of 79

ACME corporation has decided to setup wireless (IEEE 802.11) network in it's sales branch at Tokyo and found that channels 1, 6, 9,11 are in use by the neighboring offices. Which is the best channel they can use?

Correct Answer: A

Channels in the IEEE 802.11 wireless networks overlap with their adjacent channels. The non-overlapping channels usually utilized are 1, 6, and 11. Given that channels 1, 6, 9, and 11 are already in use, the best option would be channel 4 as it offers the least interference compared to others. It is far enough from channels 1, 6, and 11 to avoid significant overlap but still might slightly overlap with channel 6. Nonetheless, it presents the least interference among the given options.

Question 2 of 79

Which Metasploitvncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?

Vncinject/find.lag

Vncinject/reverse.tcp

Vncinject/reverse-http

Vncinject /bind.tcp

Correct Answer: B

Question 3 of 79

What is the MOST important document to obtain before beginning any penetration testing?

Project plan

Exceptions document

Project contact list

A written statement of permission

Correct Answer: D

The most important document to obtain before beginning any penetration testing is a written statement of permission. This document serves as legal consent from the organization authorizing the penetration testing activities. It ensures that the testers are legally protected and outlines the boundaries and scope of the testing activities. Without this document, any testing could be considered unauthorized and illegal.

Question 4 of 79

While reviewing traffic from a tcpdump capture, you notice the following commands being sent from a remote system to one of your web servers:

C:\>sc winternet.host.com create ncservicebinpath- "c:\tools\ncexe -I -p 2222 -e cmd.exe"

C:\>sc vJnternet.host.com query ncservice.

What is the intent of the commands?

The first command creates a backdoor shell as a service. It is being started on TCP2222 using cmd.exe. The second command verifies the service is created and itsstatus.

The first command creates a backdoor shell as a service. It is being started on UDP2222 using cmd.exe. The second command verifies the service is created and itsstatus.

This creates a service called ncservice which is linked to the cmd.exe command andits designed to stop any instance of nc.exe being run. The second command verifiesthe service is created and its status.

The first command verifies the service is created and its status. The secondcommand creates a backdoor shell as a service. It is being started on TCP

Correct Answer: A

The first command creates a backdoor shell as a service. It uses 'sc' to create a service named 'ncservice' that will run 'ncexe' with parameters to start a listener on TCP port 2222 and execute cmd.exe. The second command queries the status of the created service to ensure it has been set up correctly.

Question 5 of 79

Which of the following best describes a client side exploit?

Attack of a client application that retrieves content from the network

Attack that escalates user privileged to root or administrator

Attack of a service listening on a client system

Attack on the physical machine

Correct Answer: A

A client side exploit targets a client application that retrieves content from the network. This involves attacking software such as web browsers, email clients, and other applications that connect to the internet, often using malicious content or scripts delivered via email, web pages, or other internet-based means.