GIAC GPEN Certification Sample Questions

GPEN Dumps, GPEN PDF, GPEN VCE, GIAC Penetration Tester VCEThe purpose of this Sample Question Set is to provide you with information about the GIAC Penetration Tester (GPEN) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the GPEN certification test. To get familiar with real exam environment, we suggest you try our Sample GIAC GPEN Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual GIAC Penetration Tester (GPEN) certification exam.

These sample questions are simple and basic questions that represent likeness to the real GIAC Penetration Tester exam questions. To assess your readiness and performance with real-time scenario based questions, we suggest you prepare with our Premium GIAC GPEN Certification Practice Exam. When you solve real time scenario based questions practically, you come across many difficulties that give you an opportunity to improve.

GIAC GPEN Sample Questions:

01. Which of the following is NOT a Back orifice plug-in?
c) BOPeep
d) Beast
02. In which of the following scanning methods does an attacker send SYN packets and then a RST packet?
a) TCP SYN scan
b) XMAS scan
c) IDLE scan
d) TCP FIN scan
03. Which of the following tools can be used to find a username from a SID?
b) SID
c) SID2User
04. If a password is seven characters or less, the second half of the LM hash is always ___________________.
a) 0xAAD3B4EE
b) 0xAAD3B4FF
c) 0xAAD3B435B51404FF
d) 0xAAD3B435B51404EE
05. Why is OSSTMM beneficial to the pen tester?
a) It provides a legal andcontractual framework for testing
b) It provides in-depth knowledge on tools
c) It provides report templates
d) It includes an automated testing engine similar to Metasploit
06. By default Active Directory Controllers store password representations in which file?
a) %system roots .system 32/ntds.dit
b) %System roots /ntds\ntds.dit
c) %System roots /ntds\sam.dat
d) %System roots /ntds\sam.dit
07. Which of the following nmap switches is used to perform NULL scan?
a) -sN
b) -sO
c) -sU
d) -sP
08. Which of the following techniques is used to monitor telephonic and Internet conversations by a third party?
a) War driving
b) War dialing
c) Web ripping
d) Wiretapping
09. How can a non-privileged user on a Unix system determine if shadow passwords are being used?
a) Read /etc/password and look for "x" or “II” in the second colon-delimited field
b) Read /etc/shadow and look for “x” or “II” in the second colon-delimited field
c) Verify that /etc/password has been replaced with /etc/shadow
d) Read /etc/shadow and look NULL values In the second comma delimited field
10. What does TCSEC stand for?
a) Trusted Computer System Evaluation Criteria
b) Target Computer System Evaluation Criteria
c) Trusted Computer System Experiment Criteria
d) Trusted Computer System Evaluation Center


Question: 01
Answer: d
Question: 02
Answer: a
Question: 03
Answer: c
Question: 04
Answer: d
Question: 05
Answer: c
Question: 06
Answer: a
Question: 07
Answer: a
Question: 08
Answer: d
Question: 09
Answer: b
Question: 10
Answer: a

Note: For any error in GIAC Penetration Tester (GPEN) certification exam sample questions, please update us by writing an email on

Rating: 4.5 / 5 (21 votes)