GIAC GPEN試験問題集にはPDF問題とテストエンジンを試せ！ [Q179-Q195]

GIAC GPEN試験問題集にはPDF問題とテストエンジンを試せ！

最新GPEN試験問題集には合格保証付きます

この認定試験は、情報セキュリティの専門家に実践的で実世界のトレーニングと認定プログラムを提供する組織であるGlobal Information Assurance Certification（GIAC）によって提供されます。 GIACは、サイバーセキュリティ業界の信頼できる非常に尊敬される組織であるSANS（Sysadmin、監査、ネットワーク、セキュリティ）研究所の一部門です。

 

質問 # 179
Which of the following are the two different file formats in which Microsoft Outlook saves e-mail messages based on system configuration?
Each correct answer represents a complete solution. Choose two.

• A. .xst
• B. .pst
• C. .txt
• D. .ost

正解：B、D

質問 # 180
You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer?
Each correct answer represents a part of the solution. Choose two.

• A. WEP key
• B. MAC address of the router
• C. IP address of the router
• D. SSID of the WLAN

正解：A、D

質問 # 181
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we- are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-aresecure server. Which of the following are countermeasures against a brute force attack?
Each correct answer represents a complete solution. Choose all that apply.

• A. The site should restrict the number of login attempts to only three times.
• B. The site should use CAPTCHA after a specific number of failed login attempts.
• C. The site should increase the encryption key length of the password.
• D. The site should force its users to change their passwords from time to time.

正解：A、B

解説：
Section: Volume C

質問 # 182
Which of the following is generally practiced by the police or any other recognized governmental authority?

• A. Spoofing
• B. Phishing
• C. SMB signing
• D. Wiretapping

正解：D

質問 # 183
You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet session. You have also searched an active session due to the high level of traffic on the network. What should you do next?

• A. Guess the sequence numbers.
• B. Use macoff to change MAC address.
• C. Use a sniffer to listen network traffic.
• D. Use brutus to crack telnet password.

正解：A

解説：
Section: Volume B

質問 # 184
The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?
Each correct answer represents a complete solution. Choose all that apply.

• A. It uses a public key certificate for server authentication.
• B. It uses password hash for client authentication.
• C. It provides a moderate level of security.
• D. It is supported by all manufacturers of wireless LAN hardware and software.

正解：A、D

解説：
Section: Volume B

質問 # 185
Which of the following tools can be used to automate the MITM attack?

• A. Hotspotter
• B. Kismet
• C. IKECrack
• D. Airjack

正解：D

解説：
Section: Volume D

質問 # 186
A client has asked for a vulnerability scan on an internal network that does not have internet access. The rules of engagement prohibits any outside connection for the Nessus scanning machine. The customer has asked you to scan for a new critical vulnerability, which was released after the testing started, winch of the following methods of updating the Nessus plugins does not violate the rules of engagement?

• A. Proceed with the test and note the limitation of updating the plugins
• B. Connect the scanning machine via wireless bridge and download the updateddirectly
• C. Download the updates on an alternative machine and manually load on scanningmachine
• D. Change the routing and connect through an alternative gateway

正解：C

質問 # 187
A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

• A. Use the ftp service in passive mode to push the file onto the target machine.
• B. Use the telnet service's ECHO option to pull the file onto the target machine
• C. Use the scp service, protocol SSHv2 to pull the file onto the target machine.
• D. Use the http service's PUT command to push the file onto the target machine.

正解：A

質問 # 188
Identify the network activity shown below;

• A. A flood of the local switch's CAM table.
• B. An attempt to impersonate the local gateway
• C. A sweep of available hosts on the local subnet
• D. An attempt to disassociate wireless clients.

正解：B

質問 # 189
You want to use a Windows-based GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning. Which of the following tools will you use?

• A. Dsniff
• B. Cain and Abel
• C. Brutus
• D. Nmap

正解：B

質問 # 190
A junior penetration tester at your firm is using a non-transparent proxy for the first time to test a web server. He sees the web site In his browser but nothing shows up In the proxy. He tells you that he just installed the non-transparent proxy on his computer and didn't change any defaults. After verifying the proxy is running, you ask him to open up his browser configuration, as shown in the figure, which of the following recommendations will correctly allow him to use the transparent proxy with his browser?

• A. He should change the PORT: value to match the port used by the non-transparentproxy.
• B. He should select NO PROXY instead of MANUAL PROXY CONFIGURATION as thissetting is only necessary to access the Internet behind protected networks.
• C. He should select the checkbox "use this proxy server for all protocols" for theproxy to function correctly.
• D. He should change the HTTP PROXY value to 127.0.0.1 since the non-transparentproxy is running on the same machine as the browser.

正解：D

質問 # 191
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: Which of the following tools is John using to crack the wireless encryption keys?

• A. PsPasswd
• B. AirSnort
• C. Kismet
• D. Cain

正解：B

質問 # 192
Which of the following methods can be used to detect session hijacking attack?

• A. sniffer
• B. Brutus
• C. ntop
• D. nmap

正解：A

質問 # 193
Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?

• A. Kismet
• B. Void11
• C. Aeropeek
• D. Airsnort

正解：C

質問 # 194
You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company, you have gathered necessary hold-harmless and nondisclosure agreements. Which action by your group can incur criminal liability under Chapter 50a, Computer Misuse Act?

• A. Testing denial-of-service tolerance of the communications provider
• B. Cracking password hashes on the corporate domain server
• C. Exploiting vulnerable web services on internal hosts
• D. Attempts at social engineering employees via telephone calls

正解：B

質問 # 195
......

GIAC GPEN（GIAC Certified Penetration Tester）試験は、侵入テストの概念を完全に理解することを目指すセキュリティ専門家たちにとって、国際的に認められた資格認定試験です。GPEN は、侵入テストとエシカルハッキングの分野での候補者のスキルを検証し、ネットワークシステムの脆弱性やセキュリティの弱点を特定するために使用される手法、技術、ツールに対する知識を示すことができます。

 

信頼できるGIAC Information Security GPEN問題集PDFには2024年04月01日更新された問題です：https://www.jpntest.com/shiken/GPEN-mondaishu

必ず合格できるGIAC GPEN試験正確な405問題と解答あります：https://drive.google.com/open?id=1o9B-RKumizBoXx7NC77SgRxshG8hgVz6