Download SANS 560 ~ GPEN EXAM 2025 WITH 100% ACCURATE SOLUTIONS and more Exams Nursing in PDF only on Docsity!
SANS 560 ~ GPEN EXAM 2025 WITH 100%
ACCURATE SOLUTIONS
Which of the following correctly defines the Nmap Scripting Engine “intrusive” category? Detects network-accessible backdoors Looks for a vulnerability Detects the version of a target’s services May leave logs, guess passwords, or otherwise impact the target – Answer May leave logs, guess passwords, or otherwise impact the target After scanning a network, a penetration tester has a list of open ports to be investigated. Which Nmap feature can be used to probe the target machine and determine what software is actually listening on those ports? TCP connect scan Version scanning UDP port scan
TCP SYN scan – Answer Version scanning A penetration tester executes the command “dnsrecon -d [domain] -t axfr” to target the DNS infrastructure of an organization. What are they doing? Attempting a zone transfer Performing a DNSSEC zone walk Performing a reverse DNS lookup for IPaddress or CIDRrange Scanning for DNS cache snooping using a supplied dictionary file – Answer Attempting a zone transfer Which Regional Internet Registry is responsible for Europe, the Middle East, and parts of Central Asia? RIPE NCC ARIN LACNIC APNIC – Answer RIPE NCC
Web application test Client-side test Social engineering test – Answer Social engineering test What is the default -T speed used by Nmap when scanning a target? 3 1 2 4 – Answer 3 An organization is contracted to perform an external penetration test on a very large target network. Which technique would be most effective to limit the scope of the scanning needed to identify targets? Scan using Nessus unsafe plugins. Scan using a TCP SYN scan for all ports. Scan using a TCP connect scan for all ports.
Scan a subset of commonly used ports. – Answer Scan a subset of commonly used ports. Upon gaining access to a Linux host, what directory could be useful to review for interesting files such as account information and hashes? Root Etc Passwd Home – Answer ect Which of the following NSE Script categories detects backdoors running on a target machine when Nmap is invoked? Malware Fuzzer Default Vuln – Answer Malware Which of the following can a penetration tester typically perform with information they have gathered about an organization’s recent activity?
World-writable files Hidden files – Answer Files with the SETUID bit set A pen tester tests a TCP connection over port 80 to see if a web server is running on a host and uses software to send a TCP packet with the SYN control bit set. What would be the expected response from the target system if a web server was listening on that port? SYN-ACK response SYN-RST response ACK response RST-ACK response – Answer SYN-ACK response Which of the following is provided by EyeWitness? Host status Port status HTTP header information Firewall filtering status – Answer HTTP header information
Your customer is concerned about a potential system crash. How can you mitigate the potential for negative impact? Only use psexec to deliver exploits. Purchase insurance. Test during a maintenance window. Request permission for Denial-of-service. – Answer Test during a maintenance window. Masscan supports converting results to which format? Docx Csv Html report Grepable text – Answer grepable text While performing TCP SYN scanning to identify targets, a pen tester receives an ICMP port unreachable response to a TCP SYN scan of a particular port. What does this likely indicate? The port is only accessible via UDP.
Scanning of the environment from the target machine – Answer Use of Macro- enabled office files for phishing Which of the following Linux files is world readable and can be viewed to see a list of user accounts? /root/bash.rc /etc/shadow /root/.ssh/known_hosts /etc/passwd – Answer /etc/passwd What interface to Metasploit offers functionality via a customized and interactive command prompt? Msfvenom Msfrpcd Msfconsole Msfcli – Answer Msfconsole Within the context of Metasploit, which of the following best describes the purpose of stages and stagers?
Stagers and stages are interchangeable, but stagers tend to be more flexible. Stages focus on flexible communications, including binding on a TCP port, making reverse connections, and more; stagers implement shell, Meterpreter, or VNC access. Stagers perform functions such as port scans, fuzzing, and denial of service; stages focus on remote shell access. Stagers load a stage into a target’s memory and provide communications with it; stages provide functionality when running on the target system. – Answer Stagers load a stage into a target’s memory and provide communications with it; stages provide functionality when running on the target system. Which of the following applications support Dynamic Data Exchange (DDE)? Word and Excel Word and PowerPoint Access and Outlook Excel and Outlook – Answer Excel and Outlook Within the Metasploit Framework, what type of modules are associated with scanning for vulnerable systems and launching denial-of-service attacks?
Fun Lateral movement Exfiltration – Answer Exfiltration A penetration tester has gained access to a Linux machine and would like to collect information about machines with which the compromised machine is currently communicating with. Which of the following commands will provide this information? Nmap -sS Ss -t state established Ipconfig /all Hostname – Answer ss -t state established What is the purpose of the pw-inspector tool? Estimates the complexity of user-chosen passwords Highlights problems with the password policy Provides the basis for random password generation for user accounts
Reduces the wordlist used for password guessing – Answer Reduces the wordlist used for password guessing What is the purpose of the msfrpcd within the Metasploit Framework? It is the daemon that provides logging and reporting functionality. It is the daemon that allows Metasploit to exploit Remote Procedure Call, , vulnerabilities. It is the daemon that provides GUI access to target machines. It is a daemon that allows other programs to access Metasploit functionality. – Answer It is a daemon that allows other programs to access Metasploit functionality. How does the Sliver C2 framework differ from other post-exploitation frameworks? Uses PowerShell but does not require powershell.exe Individual payload RSA key pairs are created for each instance It requires Metasploit integration Focus on defensive and blue team operations – Answer Individual payload RSA key pairs are created for each instance
Windows-side Server-side Service-side Client-side – Answer Client-side Microsoft Office Macros are written in which of the following scripting languages? PowerShell LUA JavaScript Visual Basic for Applications – Answer Visual Basic for Applications Which of the following tools performs several security-oriented, host-survey safety checks from both offensive and defensive security perspectives? SharpDump Powersploit Seatbelt
SharpRoast – Answer Seatbelt Penetration testers often rely on what to gain initial access? Lateral movement Physical access Exploitable services Beacons – Answer Exploitable services Which category of Empire modules is useful during post-exploitation activities to ensure the agent continues to be accessible following a reboot of the target machine? Exploitation Persistence Lateral movement Fun – Answer Persistence A penetration tester wants GUI remote control of a target system. In deciding on a Metasploit payload, which would provide GUI control?
Nmap Netcat – Answer Bloodhound Which of the following require elevated privileges on a system before they can be performed? Sniff network traffic Send phishing email Lateral movement Data access – Answer Sniff network traffic What Windows feature is designed to protect an administrator user from making unintended changes to a system and prevent malicious programs from damaging the system. Two-factor authentication Local Security Policy User Account Control Group Policy – Answer User Account Control
How do you make Hashcat provide a status update as it is running? Press the P key Press the CTRL-P key Press the CTRL-S key Press the s key – Answer Press the s key Which file, possibly containing usernames and passwords, is sometimes found in organizations that perform unattended installs and fail to properly clean up after the process? Install.xml Sysprep.sys Unattend.sys Unattend.xml – Answer Unattend.xml A penetration tester discovers the following service path with the service running under a privileged account:C:\Apps\Apache Web\bin\webstart.exeHow could this information be used by the tester to attempt to escalate privileges on the system?
