QUESTIONS AND CORRECT ANSWERS
Which of the following correctly defines the Nmap Scripting Engine "intrusive" category?
Detects network-accessible backdoors
Looks for a vulnerability
Detects the version of a target's services
May leave logs, guess passwords, or otherwise impact the target - Correct answers✔May leave logs, guess passwords, or otherwise impact the target
After scanning a network, a penetration tester has a list of open ports to be investigated. Which
Nmap feature can be used to probe the target machine and determine what software is actually
listening on those ports?
TCP connect scan
Version scanning
UDP port scan
TCP SYN scan - Correct answers✔Version scanning
A penetration tester executes the command "dnsrecon -d [domain] -t axfr" to target the DNS
infrastructure of an organization. What are they doing?
Attempting a zone transfer
Performing a DNSSEC zone walk
Performing a reverse DNS lookup for IP address or CIDR range
Scanning for DNS cache snooping using a supplied dictionary file - Correct answers✔Attempting a zone transfer
Which Regional Internet Registry is responsible for Europe, the Middle East, and parts of
Central Asia?
RIPE NCC
ARIN
LACNIC
APNIC - Correct answers✔RIPE NCC
Which of the following implies that you are measuring things against a fixed, pre-determined,
rigorous set of standards?
Penetration testing
Vulnerability scan
Security audit
Security assessment - Correct answers✔Security audit
In retaliation for being fired, a former employee wants to cause a network outage in an
organization. What is the former employee an example of?
Risk
Threat
Exploit
Vulnerability - Correct answers✔Threat
During a penetration testing engagement, the tester poses as a targeted user to a call center
operator and requests that the user's password be changed. What sort of penetration test is being
performed?
Network services test
Web application test
Client-side test
Social engineering test - Correct answers✔Social engineering test
What is the default -T speed used by Nmap when scanning a target?
3
1
2
4 - Correct answers✔3
An organization is contracted to perform an external penetration test on a very large target
network. Which technique would be most effective to limit the scope of the scanning needed to
identify targets?
Scan using Nessus unsafe plugins.
Scan using a TCP SYN scan for all ports.
Scan using a TCP connect scan for all ports.
Scan a subset of commonly used ports. - Correct answers✔Scan a subset of commonly used ports.