Free GPEN pdf Files With Updated and Accurate Dumps Training [Q176-Q191]

Top-Class GPEN Question Answers Study Guide

NEW QUESTION # 176
You run the following PHP script:
<?php $name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]);?>
What is the use of the mysql_real_escape_string() function in the above script?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It can be used to mitigate a cross site scripting attack.
  • B. It escapes all special characters from strings $_POST["name"] and $_POST["password"].
  • C. It can be used as a countermeasure against a SQL injection attack.
  • D. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".

Answer: B,C


NEW QUESTION # 177
While performing a code audit, you discover a SQL injection vulnerability. Assuming the following vulnerable query, what user input could be injected to make the query true and return data?
select * from widgets where name = '[user-input]';

  • A. 'or 1=1--
  • B. 'or l=l...
  • C. 'or l=1'
  • D. 'or 1=1

Answer: C


NEW QUESTION # 178
LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password of seven characters or less, the second half of the LM hash is always __________.

  • A. 0xAAD3B435B51404EE
  • B. 0xBBC3C435C51504EF
  • C. 0xAAD3B435B51404FF
  • D. 0xBBD3B435B51504FF

Answer: A

Explanation:
Section: Volume C


NEW QUESTION # 179
Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a high school student. It is suspected that explicit child pornography content is stored on the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigation in a more extensive and elaborate manner?

  • A. Mac OS
  • B. MINIX 3
  • C. Windows XP
  • D. Linux

Answer: A

Explanation:
Section: Volume B


NEW QUESTION # 180
You have compromised a Windows XP system and injected the Meterpreter payload into the lsass process. While looking over the system, you notice that there is a popular password management program on the system. When you attempt to access the file that contains the password, you find it is locked. Further investigation reveals that it is locked by the passmgr process. How can you use the Meterpreter to get access to this file?

  • A. Use the getuid command to determine the user context the process is running under, then use the imp command to impersonate that user.
  • B. Use the execute command to the passmgr executable. That will give you access to the file.
  • C. Use the migrate command to jump to the passmgr process. That will give you access to the file.
  • D. Use the getpid command to determine the user context the process is running under, then use the Imp command to impersonate that user.

Answer: B


NEW QUESTION # 181
Which of the following tools can be used for cracking the password of Server Message Block (SMB)?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Pwddump2
  • B. KrbCrack
  • C. SMBRelay
  • D. L0phtCrack

Answer: C,D


NEW QUESTION # 182
You work as a Network Administrator at SecureTech Inc. SecureTech Inc. is using a Linux-based server. Recently, you have updated the password policy of the company so that the server will disable passwords after four trials. What type of attack do you want to stop by enabling this policy?

  • A. Cookie poisoning
  • B. Brute force
  • C. XSS
  • D. Replay

Answer: B


NEW QUESTION # 183
TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?

  • A. Knoppix
  • B. Red Hat
  • C. Solaris
  • D. Windows

Answer: D


NEW QUESTION # 184
Fill in the blank with the appropriate tool name.
__________ is a wireless network cracking tool that exploits the vulnerabilities in the RC4 algorithm, which comprises the WEP security parameters.

Answer: WEPcrack


NEW QUESTION # 185
All of the following are advantages of using the Metasploit priv module for dumping hashes from a local Windows machine EXCEPT:

  • A. LSASS related reboot problems aren't an issue
  • B. Doesn't require SMB or NetBIOS access to the target machine
  • C. Provides less evidence for forensics investigators to recover
  • D. Can run inside of a process owned by any user

Answer: D

Explanation:
Reference:
http://www.vita.virginia.gov/uploadedFiles/VITA_Main_Public/Security/Meetings/ISOAG/2012/2012_Jan_ISOAG.pdf


NEW QUESTION # 186
You have inserted a Trojan on your friend's computer and you want to put it in the startup so that whenever the computer reboots the Trojan will start to run on the startup. Which of the following registry entries will you edit to accomplish the task?

  • A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Start
  • B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto
  • C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Startup
  • D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Answer: D


NEW QUESTION # 187
Which of the following file transfer programs will automatically convert end-of-line characters between different platforms when placed in ASCII mode?

  • A. nc
  • B. tftp
  • C. ftp
  • D. scp

Answer: C

Explanation:
Section: Volume A
Explanation/Reference:
https://wiki.filezilla-project.org/Data_Type


NEW QUESTION # 188
Which of the following are considered Bluetooth security violations?
Each correct answer represents a complete solution. Choose two.

  • A. Cross site scripting attack
  • B. Bluesnarfing
  • C. Bluebug attack
  • D. Social engineering
  • E. SQL injection attack

Answer: B,C

Explanation:
Section: Volume D


NEW QUESTION # 189
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He enters the following command on the Linux terminal:
chmod 741 secure.c
Considering the above scenario, which of the following statements are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. John is restricting a guest to only write or execute the secure.c file.
  • B. John is providing all rights to the owner of the file.
  • C. The textual representation of the file access permission of 741 will be -rwxr--rw-.
  • D. By the octal representation of the file access permission, John is restricting the group members to only read the secure.c file.

Answer: B,D


NEW QUESTION # 190
John works as a Penetration Tester in a security service providing firm named you-are-secure Inc.
Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:
<script>alert('Hi, John')</script>
After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John."
Which of the following attacks can be performed on the Web site tested by John, considering the above scenario?

  • A. Replay attack
  • B. Buffer overflow attack
  • C. CSRF attack
  • D. XSS attack

Answer: D


NEW QUESTION # 191
......


To earn the GPEN certification, applicants must pass a proctored, timed exam with 115 multiple-choice questions. Questions cover a range of topics such as exploitation, password attacks, web application vulnerabilities, and network enumeration. Candidates have 3 hours to complete the exam, with an additional 30 minutes given to those taking the test in a non-native language. The test-taker needs to score at least 74% to earn the GPEN certification.

 
