[NEW] GIAC Penetration Tester (GPEN)
Course Description
Detailed Exam Domain Coverage: GIAC Penetration Tester (GPEN)
To earn the GPEN certification, you must demonstrate technical proficiency across the entire penetration testing lifecycle. This course is built to align with the core domains tested in the actual exam:
Penetration Testing Methodologies and Best Practices (40%): Mastering the structured approach to testing, industry-standard frameworks, professional reporting, and clear communication with stakeholders.
Vulnerability Identification and Risk Management (23%): Developing the ability to accurately identify weaknesses and assess the business risk they pose.
Exploitation and Post-Exploitation (20%): Learning the technical execution of exploits, how to pivot through a network, and methods for maintaining access securely.
Network Scanning and Enumeration (17%): Perfecting information gathering, advanced scanning techniques, and deep service enumeration.
I designed this practice test suite specifically for professionals who want to master the art of ethical hacking and secure their GPEN certification. With 1,500 original practice questions, I provide a comprehensive environment to test your knowledge against the 115-question, 130-minute exam format.
Success in penetration testing isn't just about finding a "buy" button for a tool; it’s about understanding the underlying logic. That is why I have included a detailed breakdown for every single answer choice. I explain the "why" behind the correct technical path and the "why not" for the common pitfalls and distractors. My goal is to ensure you walk into the testing center with the confidence to hit that 720/1000 passing score on your very first try.
Sample Practice Questions
Question 1: During a penetration test, a tester uses an Nmap scan with the -sV flag against a target. What is the primary objective of using this specific flag during the Network Scanning and Enumeration phase?
A. To perform a stealthy "Half-Open" SYN scan.
B. To detect the version of the services running on open ports.
C. To flood the target with ICMP Echo Requests to check for liveness.
D. To automatically exploit any found vulnerabilities.
E. To change the MAC address of the tester's machine.
F. To bypass a web application firewall using fragmented packets.
Correct Answer: B
Explanation:
B (Correct): The -sV flag enables service version detection, which is crucial for identifying specific software versions that may be vulnerable.
A (Incorrect): This is achieved using the -sS flag.
C (Incorrect): This describes a ping sweep, typically associated with -sn or -PE.
D (Incorrect): Nmap is a scanner, not an automated exploitation framework like Metasploit.
E (Incorrect): MAC spoofing is handled by the --spoof-mac flag.
F (Incorrect): While Nmap can fragment packets, -sV is not the command for that specific evasion technique.
Question 2: In the context of Penetration Testing Methodologies, why is a "Rules of Engagement" (RoE) document considered a best practice before any technical work begins?
A. It provides a list of pre-written exploits to use.
B. It defines the legal boundaries, scope, and allowed techniques to protect both the tester and the client.
C. It acts as a manual for installing Linux on the target servers.
D. It is used to calculate the final invoice based on the number of bugs found.
E. It serves as a public press release for the company's security audit.
F. It automatically grants the tester administrative rights to the client's cloud.
Correct Answer: B
Explanation:
B (Correct): The RoE is a critical legal and professional document that ensures all parties agree on what is "in-scope" and "out-of-scope."
A (Incorrect): An RoE defines boundaries, not specific technical payloads.
C (Incorrect): It is a contractual document, not a technical installation guide.
D (Incorrect): While it mentions scope, it is not primarily a billing or pricing document.
E (Incorrect): Penetration tests are sensitive; the RoE is usually a confidential agreement.
F (Incorrect): Access must still be gained through agreed-upon technical means or provided credentials.
Question 3: A tester has successfully gained access to a Windows workstation and is now attempting "Post-Exploitation." Which of the following best describes the goal of "Pivoting"?
A. Reinstalling the operating system to clear logs.
B. Changing the physical location of the attacker's laptop.
C. Using the compromised system as a gateway to scan and attack other systems in an internal network.
D. Deleting the initial exploit code to save disk space.
E. Sending an email to the HR department to report the vulnerability.
F. Updating the BIOS of the compromised machine.
Correct Answer: C
Explanation:
C (Correct): Pivoting allows an attacker to move laterally through a network, reaching segments that were not directly accessible from the outside.
A (Incorrect): This would destroy the access the tester just gained.
B (Incorrect): Pivoting is a logical network movement, not a physical one.
D (Incorrect): While cleaning up is a phase, it is not the definition of pivoting.
E (Incorrect): This is part of the "Reporting" phase, not a post-exploitation movement technique.
F (Incorrect): This is hardware maintenance, not a penetration testing objective.
Welcome to the Exams Practice Tests Academy to help you prepare for your GIAC Penetration Tester (GPEN) Practice Exams.
You can retake the exams as many times as you want
This is a huge original question bank
I provide support from instructors if you have questions
Each question has a detailed explanation
Mobile-compatible with the Udemy app
30-day money-back guarantee if you're not satisfied
I hope that by now you're convinced! And there are a lot more questions inside the course.
