The GIAC exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the GPEN certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the GPEN will help guide you through the study process for your certification.
GPEN GIAC Penetration Tester Exam Summary
Exam Name: GIAC Penetration Tester (GPEN)
Exam Code: GPEN
Exam Price: $1699 (USD)
Duration: 180 mins
Number of Questions: 115
Passing Score: 74%
Schedule Exam: Pearson VUE
Sample Questions: GIAC GPEN Sample Questions
Recommended Practice: GIAC GPEN Certification Practice Exam
Exam Syllabus: GPEN GIAC Penetration Tester (GPEN)
1. Advanced Password Attacks
The candidate will be able to use additional methods to attack password hashes and authenticate.
2. Attacking Password Hashes
The candidate will be able to obtain and attack password hashes and other password representations.
3. Enumerating Users
The candidate will be able to enumerate users through different methods.
4. Exploitation Fundamentals
The candidate will be able to demonstrate the fundamental concepts associated with the exploitation phase of a pentest.
5. Initial Target Scanning
The candidate will be able to conduct port, operating system and service version scans and analyze the results.
6. Metasploit
The candidate will be able to use and configure the Metasploit Framework at an intermediate level.
7. Moving Files with Exploits
The candidate will be able to use exploits to move files between remote systems.
8. Password Attacks
The candidate will understand types of password attacks, formats, defenses, and the circumstances under which to use each password attack variation. The candidate will be able to conduct password guessing attacks.
9. Pen-testing Foundations
The candidate will be able to demonstrate the fundamental concepts associated with pen-testing.
10. Pen-testing Process
The candidate will be able to utilize a process-oriented approach to pentesting and reporting.
11. Penetration Testing using PowerShell
The candidate will demonstrate an understanding of the use of advanced Windows PowerShell skills during a penetration test.
12. Penetration Testing using the Windows Command Line
The candidate will demonstrate an understanding of the use of advanced Windows command line skills during a penetration test.
13. Reconnaissance
The candidate will understand the fundamental concepts of reconnaissance and will understand how to obtain basic, high-level information about the target organization and network, often considered information leakage, including but not limited to technical and non-technical public contacts, IP address ranges, document formats, and supported systems.
14. Scanning for Targets
The candidate will be able to use the appropriate technique to scan a network for potential targets.
15. Vulnerability Scanning
The candidate will be able to conduct vulnerability scans and analyze the results.
16. Web Application Attacks
The candidate will be able to utilize common web application attacks.
17. Web Application Reconnaissance
The candidate will demonstrate an understanding of the use of tools and proxies to discover web application vulnerabilities.
GIAC GPEN Certification Sample Questions and Answers:-
To familiarize you with the structure of the GIAC Penetration Tester (GPEN) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for the GPEN Certification to test your understanding of the GIAC GPEN process in a real GIAC certification exam environment.
GPEN GIAC Penetration Tester Sample Questions:-
01. Which of the following is NOT a Back Orifice plug-in?
a) BOSOCK32
b) STCPIO
c) BOPeep
d) Beast
02. In which of the following scanning methods does an attacker send SYN packets and then a RST packet?
a) TCP SYN scan
b) XMAS scan
c) IDLE scan
d) TCP FIN scan
03. Which of the following tools can be used to find a username from a SID?
a) SNMPENUM
b) SID
c) SID2User
d) SIDENUM
04. If a password is seven characters or less, the second half of the LM hash is always ___________________.
a) 0xAAD3B4EE
b) 0xAAD3B4FF
c) 0xAAD3B435B51404FF
d) 0xAAD3B435B51404EE
05. Why is OSSTMM beneficial to the pen tester?
a) It provides a legal and contractual framework for testing
b) It provides in-depth knowledge on tools
c) It provides report templates
d) It includes an automated testing engine similar to Metasploit
06. By default, Active Directory Controllers store password representations in which file?
a) %systemroot%\system32\ntds.dit
b) %SystemRoot%\ntds\ntds.dit
c) %SystemRoot%\ntds\sam.dat
d) %SystemRoot%\ntds\sam.dit
07. Which of the following nmap switches is used to perform a NULL scan?
a) -sN
b) -sO
c) -sU
d) -sP
08. Which of the following techniques is used to monitor telephonic and Internet conversations by a third party?
a) War driving
b) War dialing
c) Web ripping
d) Wiretapping
09. How can a non-privileged user on a Unix system determine if shadow passwords are being used?
a) Read /etc/password and look for "x" or “II” in the second colon-delimited field
b) Read /etc/shadow and look for “x” or “II” in the second colon-delimited field
c) Verify that /etc/password has been replaced with /etc/shadow
d) Read /etc/shadow and look for NULL values in the second comma-delimited field
10. What does TCSEC stand for?
a) Trusted Computer System Evaluation Criteria
b) Target Computer System Evaluation Criteria
c) Trusted Computer System Experiment Criteria
d) Trusted Computer System Evaluation Center
Answers:-
Answer 1 :- d
Answer 2 :- a
Answer 3 :- c
Answer 4 :- d
Answer 5 :- c
Answer 6 :- b
Answer 7 :- a
Answer 8 :- d
Answer 9 :- a
Answer 10:- a