GIAC GPEN practice exam giveaway

This topic contains 15 replies, has 6 voices, and was last updated by  MableSoffer 6 years, 2 months ago.

  • #8556
     UKSecurityGuy 
    Participant

    Hi,

    I’ve got my GIAC GPEN exam this week, and I’ve got one unused practice exam left. Rather than use it up, I thought I’d offer it out to the community to help out others that were thinking of taking it, but weren’t sure if they’d pass the exam without taking the SANS SEC560 course first.

    The practice test expires October 23rd, 2013 10:11 UTC, and takes about 3 hours to do – so you must be able to use it before this time.

    As there are always a couple of people after these exams – I thought I’d set a little quiz. This quiz is a direct representation of the types of questions you’ll be asked in the practice exam – so if you look through the questions and they don’t make sense to you, you’re probably not ready to take the practice exam, and you’d be better letting someone else take it instead.

    The rules of this quiz are:

    1. No googling the answers. You must use no reference materials when attempting it (You don’t get internet access when doing the GPEN exam)
    2. All answers must be PM’d to me
    3. All PMs must be sent by 28th August 2013, any submitted after that date will be disallowed
    4. Once you’ve PM’d me, post something in this thread to let everyone else know that you’re interested in taking the practice (so you might get another chance later on)

    So without delay – here is the quiz:


    You have compromised a Windows system with Metasploit, and have injected Meterpreter into LSASS. While looking around the filesystem you notice a file called "passwords.txt". You attempt to gain access to this file but are denied. After some investigation you determine that the file is locked by a file manager application that is running. How would you use Meterpreter to access the file?

    1. Use the execute command to launch your own copy of the file manager application to gain access to the file
    2. Use the getpid command to determine the user the application is currently running under, and then use the impersonate command to impersonate that user
    3. Use the migrate command to migrate to the file manager process to gain access to the file


    Analyse the network traffic below - what is happening?

    16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
    16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
    16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
    16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
    16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32

    1. A UDP traceroute from 172.16.10.12
    2. An Nmap scan from 172.16.10.12
    3. A DoS attack from 172.16.10.12


    You have gained access to a Linux machine through an exploit, but you aren't sure if you've got shell or terminal access. Which command would tell you the type of access you have?

    1. Vi
    2. set
    3. Terminal
    4. tty


    What is a major difference between WPA1 and WPA2?

    1. WPA2 fully implements 802.11i, WPA1 does not
    2. WPA1 is more backwards compatible than WPA2
    3. WPA2 has greater bandwidth than WPA1


    What can be done to speed up port scanning, while maintaining accurate results?

    1. Alter firewall rules to send TCP RESET messages for closed TCP ports
    2. Alter firewall rules to send TCP SYN messages for closed TCP ports
    3. Alter firewall rules to send TCP URG messages for closed TCP ports

  • #53405
     ziggy_567 
    Participant

    PM sent….

    **crosses fingers**

    ;D

  • #53406
     UKSecurityGuy 
    Participant

    Ziggy I’ve given it a couple of hours and I’ve still not got your PM.

    Might be worth sending it again.

  • #53407
     ziggy_567 
    Participant

    Sent again…

    **crosses fingers with both hands**

  • #53408
     m0wgli 
    Participant

    @uksecurityguy wrote:

    Hi,

    I’ve got my GIAC GPEN exam this week….

    Good luck!

    PM sent….

    @ziggy_567 Don’t worry, I’m just curious if I got the answers right, for now. With GPEN you can’t be far off GSE?

  • #53409
     dynamik 
    Participant

    @m0wgli wrote:

    @ziggy_567 Don’t worry, I’m just curious if I got the answers right, for now. With GPEN you can’t be far off GSE?

    Yea, c’mon Ziggy. Challenge GPEN and GCIA and knock out the GSE written. The next lab isn’t until September 14, so you have plenty of time!

  • #53410
     ziggy_567 
    Participant

    Yea, c’mon Ziggy. Challenge GPEN and GCIA and knock out the GSE written.

    I am planning to challenge the GPEN at some point. I’m not so sure about the GCIA. Those are the only practice tests I’ve failed. As much as I’d like to say I’m a wiz at reading packets….SANS/GIAC has other things to say! ;D

    Between work asking me to do the CISSP, finishing up my GWAPT, and recertifying my GSEC all in the next year added to all the activities that go along with 3 kids under the age of 6, I don’t know when I’ll get a chance to study like I need to for the GSE. It’s on my list. Unfortunately my list seems to grow faster than shrink.

  • #53411
     josephTaito 
    Participant

    @uksecurityguy,
    Kindly let us know the outcome of the test (GPEN).
    Above all, I would like to know the materials you used
    to prepare for the exam. Currently I am studying eccpt and will write
    the exam in the first week of next month before I face GPEN.
    Good luck and I suspect you will make it.
    Thanks!

  • #53412
     UKSecurityGuy 
    Participant

    Well – I passed!

    I came very close to not taking the exam at all – some major family problems came up at home the day before the test, so I was 50/50 deciding whether I’d go ahead with it or not.

    In the end I figured that I had nothing to lose, and either I don’t take the test (and can’t move it to another day as it’s less than 24 hours’ notice) or I go in there and give it a go.

    So – with 3 hours sleep (and stressed waiting for the emergency phone call to pull me out of the testing centre) I had a crack at it.

    The result – the GPEN completed in 1.5 hours, with a 95% passing score, so I’m fairly pleased with that.

    I’ve had three PMs so far asking for the practice test – any more takers (or simply want to have a crack at answering the questions)?

  • #53413
     m0wgli 
    Participant

    Congratulations! 8)

  • #53414
     josephTaito 
    Participant

    Congrats.
    Please, what study materials or books helped you to knock out the exam?

  • #53415
     UKSecurityGuy 
    Participant

    I took the SANS SEC560 course (review coming up when I get some time) for preparation.

    Most of the exam is common sense – unlike the SEC560 course, the GIAC GPEN exam is less about specific tools and more about how you would apply an area of tools to a problem.

    As an example – the SEC560 focuses heavily on the ZAP proxy, but the GPEN focuses on any non-transparent proxy.

  • #53416
     ziggy_567 
    Participant

    Congratz on the pass!

    I hope the family situation works itself out!

  • #53417
     UKSecurityGuy 
    Participant

    Well, there were a few PMs with really good answers in them – so in the end I flipped a coin and sent the practice exam to…….Ziggy!

    Good luck on the practice Ziggy – let us know how you got on.

    For those interested – the answers to the questions were:


    Question 1

    You have compromised a Windows system with Metasploit, and have injected Meterpreter into LSASS. While looking around the filesystem you notice a file called “passwords.txt”. You attempt to gain access to this file but are denied. After some investigation you determine that the file is locked by a file manager application that is running. How would you use Meterpreter to access the file?


    Answer 1

    Use the migrate command to migrate to the file manager process to gain access to the file

    The File Manager Application’s process itself has the file locked, not a particular user. Once you migrate into the memory space of the process in question, you should be able to access the file.


    Question 2

    Analyse the network traffic below – what is happening?

    16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
    16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
    16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
    16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
    16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32


    Answer 2

    A UDP traceroute from 172.16.10.12

    This is a bit of a nasty question. It could equally be any of the answers. The question itself is looking for the most likely scenario to generate this traffic. This traffic has been captured using TCPDump on a Linux machine that is tracerouting to another machine on the local subnet. The reason this is more likely to be traceroute traffic than nmap or DoS is that it is UDP traffic starting at port 33434 and incrementing by one each time. By default, nmap randomises its ports, and a DoS attack is focused on a single port.


    Question 3

    You have gained access to a Linux machine through an exploit, but you aren’t sure if you’ve got shell or terminal access. Which command would tell you the type of access you have?


    Answer 3

    tty

    Try it yourself!


    Question 4

    What is a major difference between WPA1 and WPA2?


    Answer 4

    WPA2 fully implements 802.11i, WPA1 does not


    Question 5

    What can be done to speed up port scanning, while maintaining accurate results?


    Answer 5

    Alter firewall rules to send TCP RESET messages for closed TCP ports

    Nmap (and other scanners) use a variety of indicators to determine if a port is open or not. In the case of TCP, one of those indicators is if a RESET flag is set in a reply packet. Essentially the remote system is tearing down the connection (as there is nothing listening on the port specified) and nmap uses this to determine that the port is closed. Nearly all firewalls silently drop packets destined for ports they don’t have rules for now, greatly slowing down scanning times.

    Try it yourself – run a nmap scan against a host with a firewall (the Windows firewall will be fine for this) and then turn the firewall off. Notice how much faster the scan is!
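
The reasoning in Answer 2 (UDP probes from one source to one destination, starting at port 33434 and rising by one per packet) can be written as a small check over tcpdump text. This is an added example, not part of the original post; the function names and the two contrast samples are constructed for illustration.

```python
import re
from collections import defaultdict

BASE_PORT = 33434  # first destination port in the quoted capture

# The five tcpdump lines quoted in Question 2 of the thread.
QUIZ_CAPTURE = """\
16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32
"""

# Constructed contrast samples (not from the thread).
SCATTERED_PORTS = """\
16:53:01.000001 IP 172.16.10.12.40001 > 172.16.10.2.161: UDP, length 32
16:53:01.000002 IP 172.16.10.12.40002 > 172.16.10.2.53: UDP, length 32
16:53:01.000003 IP 172.16.10.12.40003 > 172.16.10.2.33434: UDP, length 32
16:53:01.000004 IP 172.16.10.12.40004 > 172.16.10.2.1900: UDP, length 32
"""
SINGLE_PORT = """\
16:53:02.000001 IP 172.16.10.12.40001 > 172.16.10.2.53: UDP, length 32
16:53:02.000002 IP 172.16.10.12.40002 > 172.16.10.2.53: UDP, length 32
16:53:02.000003 IP 172.16.10.12.40003 > 172.16.10.2.53: UDP, length 32
"""

# tcpdump prints "ip.port", so the last dotted field is the port number.
UDP_LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP, length \d+$"
)

def udp_flows(text):
    """Map (src_ip, dst_ip) -> destination ports in capture order."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = UDP_LINE.match(line.strip())
        if m:
            flows[(m.group(1), m.group(3))].append(int(m.group(4)))
    return flows

def traceroute_like(text, min_probes=3):
    """Return (src, dst, first_port, last_port) for flows whose destination
    ports start at or above BASE_PORT and rise by exactly one per packet."""
    hits = []
    for (src, dst), ports in udp_flows(text).items():
        steps = [b - a for a, b in zip(ports, ports[1:])]
        if len(ports) >= min_probes and ports[0] >= BASE_PORT and all(s == 1 for s in steps):
            hits.append((src, dst, ports[0], ports[-1]))
    return hits
```

Only the quoted capture matches; the scattered-port and single-port samples return no hits, which mirrors the distinction the answer draws between traceroute, a scan with randomised ports, and traffic aimed at one port.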

  • #53418
     MableSoffer 
    Participant

    As we all know, while the mobile phone brings great conveniences to people, it also raises new challenge on the security of confidential work. In recent years, the wiretap, cheating in examination, medical negligence and gas station explosion with mobile phone occurred and it has aroused great concern of the society. Maybe it’s one of the reasons that promoted the appearance of mobile phone signal jammer. You may be watching a nice movie or enjoying your nap when you get free for sometime. Still you have chances of getting disturbed with your most loved ones and close friend chatting near you on the cell phone. At such hours, if you really care for your free time then you need to buy a cell phone jammer.

