← Back to exam page

GPEN GIAC Penetration Tester

Loading demo links...

Showing 7–9 of 15 questions

Question 7 (Volume C)

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com network. Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are-secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability?

Each correct answer represents a complete solution. Choose two.

Select all that apply, then click Submit answer.

  • Close port TCP 53.

  • Change the default community string names.

  • Upgrade SNMP Version 1 with the latest version.

  • Install antivirus.
Question 8 (Volume D)

Which of the following techniques is used to monitor telephonic and Internet conversations by a third party?

Select an option, then click Submit answer.

  • War driving

  • War dialing

  • Web ripping

  • Wiretapping
Question 9 (Volume A)

A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation which failed. Which of the following could resolve the problem?

Select an option, then click Submit answer.

  • Load priv module and try getsystem again

  • Run getuid command, then getpriv command, and try getsystem again

  • Run getuid command and try getsystem again

  • Use getprivs command instead of getsystem