GPENPreview

Which of the following modes describes a wireless interface that is configured to passively grab wireless frames from one wireless channel and pass them to the operating system?

By default Active Directory Controllers store password representations in which file?

You are pen testing a Windows system remotely via a raw netcat shell. You want to quickly change directories to where the Windows operating system resides, what command could you use?

Which Metasploitvncinject stager will allow VNC communications from the attacker to a listening port of the attacker's choosing on the victim machine?

While reviewing traffic from a tcpdump capture, you notice the following commands being sent from a remote system to one of your web servers:
C:>sc winternet.host.com create ncservicebinpath- "c:\tools\ncexe -I -p 2222 -e cmd.exe"
C:>sc vJnternet.host.com query ncservice.
What is the intent of the commands?

A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion detection systems keeps detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it in the target system?

Analyze the command output below. What information can the tester infer directly from the information shown?

Analyze the screenshot below. What type of vulnerability is being attacked?

Approximately how many packets are usually required to conduct a successful FMS attack onWEP?

Based on the partial appdefstrig rile listed below, which port scan signature is classified by AMap as harmful?

During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port we attempt to validate that assumption with an SSH client but our effort Is unsuccessful. It turns out that it is actually an Apache webserver listening on the port, which type of scan would have helped us to determine what service was listening on port 22?

During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?

Given the following Scapy information, how is default Layer 2 information derived?

How can a non-privileged user on a Unix system determine if shadow passwords are being used?

Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

Which of the following describes the direction of the challenges issued when establishing a wireless (IEEE 802.11) connection?

You have been contracted to map me network and try to compromise the servers for a client. Which of the following would be an example of scope creep' with respect to this penetration testing project?

You have compromised a Windows workstation using Metasploit and have injected the Meterpreter payload into the svchost process. After modifying some files to set up a persistent backdoor you realize that you will need to change the modified and access times of the files to ensure that the administrator can't see the changes you made. Which Meterpreter module would you need to load in order to do this?

Raw netcat shells and telnet terminals share which characteristic?

You suspect that system administrators In one part of the target organization are turning off their systems during the times when penetration tests are scheduled, what feature could you add to the ' Rules of engagement' that could help your team test that part of the target organization?

You are using the Nmap Scripting Engine and want detailed output of the script as it runs. Which option do you include in the command string?

You successfully compromise a target system's web application using blind command injection. The command you injected is ping-n 1 192.168.1.200. Assuming your machine is 192.168.1 200, which of the following would you see?

A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista She issues the following commands:

A check of the remote host indicates that Windows Firewall is still running. Why did the command fail?

You are running a vulnerability scan on a remote network and the traffic Is not making It to the target system. You investigate the connection issue and determine that the traffic is making it to the internal interface of your network firewall, but not making. It to the external Interface or to any systems outside your firewall. What is the most likely problem?