
GIAC GPEN practice exam giveaway

<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Wed Aug 21, 2013 4:34 am

GIAC GPEN practice exam giveaway

Hi,

I've got my GIAC GPEN exam this week, and I've got one unused practice exam left. Rather than use it up, I thought I'd offer it out to the community to help out others that were thinking of taking it, but weren't sure if they'd pass the exam without taking the SANS SEC560 course first.

The practice test expires October 23rd, 2013 10:11 UTC, and takes about 3 hours to do - so you must be able to use it before this time.

As there are always a couple of people after these exams - I thought I'd set a little quiz. This quiz is a direct representation of the types of questions you'll be asked in the practice exam - so if you look through the questions and they don't make sense to you, you're probably not ready to take the practice exam, and you'd be better letting someone else take it instead.

The rules of this quiz are:

1. No googling the answers. You must use no reference materials when attempting it (You don't get internet access when doing the GPEN exam)
2. All answers must be PM'd to me
3. All PMs must be sent by 28th August 2013, any submitted after that date will be disallowed
4. Once you've PM'd me, post something in this thread to let everyone else know that you're interested in taking the practice (so you might get another chance later on)

So without delay - here is the quiz:
  Code:
You have compromised a Windows system with Metasploit, and have injected Meterpreter into LSASS. While looking around the filesystem you notice a file called "passwords.txt". You attempt to gain access to this file but are denied. After some investigation you determine that the file is locked by a file manager application that is running. How would you use Meterpreter to access the file?


1. Use the execute command to launch your own copy of the file manager application to gain access to the file
2. Use the getpid command to determine the user the application is currently running under, and then use the impersonate command to impersonate that user
3. Use the migrate command to migrate to the file manager process to gain access to the file

  Code:
Analyse the network traffic below - what is happening?

16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32


1. A UDP traceroute from 172.16.10.12
2. An Nmap scan from 172.16.10.12
3. A DoS attack from 172.16.10.12


  Code:
You have gained access to a Linux machine through an exploit, but you aren't sure if you've got shell or terminal access. Which command would tell you the type of access you have?


1. Vi
2. set
3. Terminal
4. tty

  Code:
What is a major difference between WPA1 and WPA2?


1. WPA2 fully implements 802.11i, WPA1 does not
2. WPA1 is more backwards compatible than WPA2
3. WPA2 has greater bandwidth than WPA1


  Code:
What can be done to speed up port scanning, while maintaining accurate results?


1. Alter firewall rules to send TCP RESET messages for closed TCP ports
2. Alter firewall rules to send TCP SYN messages for closed TCP ports
3. Alter firewall rules to send TCP URG messages for closed TCP ports
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Aug 21, 2013 10:04 am

Re: GIAC GPEN practice exam giveaway

PM sent....

**crosses fingers**

;D
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Wed Aug 21, 2013 10:59 am

Re: GIAC GPEN practice exam giveaway

Ziggy I've given it a couple of hours and I've still not got your PM.

Might be worth sending it again.
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Aug 21, 2013 11:13 am

Re: GIAC GPEN practice exam giveaway

Sent again...

**crosses fingers with both hands**
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Aug 21, 2013 4:47 pm

Re: GIAC GPEN practice exam giveaway

UKSecurityGuy wrote: Hi,

I've got my GIAC GPEN exam this week....


Good luck!

PM sent....

@ziggy_567 Don't worry, I'm just curious if I got the answers right, for now. With GPEN you can't be far off GSE?
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Aug 21, 2013 5:05 pm

Re: GIAC GPEN practice exam giveaway

m0wgli wrote: @ziggy_567 Don't worry, I'm just curious if I got the answers right, for now. With GPEN you can't be far off GSE?


Yea, c'mon Ziggy. Challenge GPEN and GCIA and knock out the GSE written. The next lab isn't until September 14, so you have plenty of time!
The day you stop learning is the day you start becoming obsolete.
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Thu Aug 22, 2013 8:32 am

Re: GIAC GPEN practice exam giveaway

Yea, c'mon Ziggy. Challenge GPEN and GCIA and knock out the GSE written.


I am planning to challenge the GPEN at some point. I'm not so sure about the GCIA. Those are the only practice tests I've failed. As much as I'd like to say I'm a wiz at reading packets....SANS/GIAC has other things to say! ;D

<whine src=self-pity>
Between work asking me to do the CISSP, finishing up my GWAPT, and recertifying my GSEC all in the next year added to all the activities that go along with 3 kids under the age of 6, I don't know when I'll get a chance to study like I need to for the GSE. It's on my list. Unfortunately my list seems to grow faster than shrink.
</whine>
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

josephTaito

Newbie

Posts: 9

Joined: Wed Aug 21, 2013 2:29 am

Post Fri Aug 23, 2013 8:42 am

Re: GIAC GPEN practice exam giveaway

@UKSecurityGuy,
Kindly let us know the outcome of the test - GPEN. Above all, I would like to know the materials you used to prepare for the exam. Currently I am studying eCPPT and will write the exam in the first week of next month before I face GPEN. Good luck and I suspect you will make it.
Thanks!
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Sat Aug 24, 2013 3:15 pm

Re: GIAC GPEN practice exam giveaway

Well - I passed!

I came very close to not taking the exam at all - some major family problems came up at home the day before the test, so I was 50/50 deciding whether I'd go ahead with it or not.

In the end I figured that I had nothing to lose, and either I don't take the test (and can't move it to another day as it's less than 24 hours' notice) or I go in there and give it a go.

So - with 3 hours sleep (and stressed waiting for the emergency phone call to pull me out of the testing centre) I had a crack at it.

The result - the GPEN completed in 1.5 hours, with a 95% passing score, so I'm fairly pleased with that.

I've had three PMs so far asking for the practice test - any more takers (or simply want to have a crack at answering the questions)?
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Sat Aug 24, 2013 3:46 pm

Re: GIAC GPEN practice exam giveaway

Congratulations! 8)
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

josephTaito

Newbie

Posts: 9

Joined: Wed Aug 21, 2013 2:29 am

Post Sun Aug 25, 2013 10:24 am

Re: GIAC GPEN practice exam giveaway

Congrats.
Please, what study materials or books helped you to knock out the exam?
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Mon Aug 26, 2013 6:21 am

Re: GIAC GPEN practice exam giveaway

I took the SANS SEC560 course (review coming up when I get some time) for preparation.

Most of the exam is common sense - unlike the SEC560 course, the GIAC GPEN exam is less about specific tools and more about how you would apply an area of tools to a problem.

As an example - the SEC560 focuses heavily on the ZAP proxy, but the GPEN focuses on any non-transparent proxy.
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Aug 26, 2013 7:43 am

Re: GIAC GPEN practice exam giveaway

Congratz on the pass!

I hope the family situation works itself out!
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Fri Aug 30, 2013 6:52 am

Re: GIAC GPEN practice exam giveaway

Well, there were a few PMs with really good answers in them - so in the end I flipped a coin and sent the practice exam to.......Ziggy!

Good luck on the practice Ziggy - let us know how you got on.

For those interested - the answers to the questions were:



Question 1

You have compromised a Windows system with Metasploit, and have injected Meterpreter into LSASS. While looking around the filesystem you notice a file called "passwords.txt". You attempt to gain access to this file but are denied. After some investigation you determine that the file is locked by a file manager application that is running. How would you use Meterpreter to access the file?



Answer 1

Use the migrate command to migrate to the file manager process to gain access to the file


The File Manager Application's process itself has the file locked, not a particular user. Once you migrate into the memory space of the process in question, you should be able to access the file.


Question 2

Analyse the network traffic below - what is happening?

16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32



Answer 2

A UDP traceroute from 172.16.10.12


This is a bit of a nasty question. It could equally be any of the answers. The question itself is looking for the most likely scenario to generate this traffic. This traffic has been captured using tcpdump on a Linux machine that is tracerouting to another machine on the local subnet. The reason this is more likely to be traceroute traffic than nmap or DoS is that it is UDP traffic starting at port 33434 and incrementing by one each time. By default, nmap randomises its ports, and a DoS attack is focused on a single port.


Question 3

You have gained access to a Linux machine through an exploit, but you aren't sure if you've got shell or terminal access. Which command would tell you the type of access you have?



Answer 3

tty


Try it yourself!


Question 4

What is a major difference between WPA1 and WPA2?



Answer 4

WPA2 fully implements 802.11i, WPA1 does not



Question 5

What can be done to speed up port scanning, while maintaining accurate results?



Answer 5

Alter firewall rules to send TCP RESET messages for closed TCP ports


Nmap (and other scanners) use a variety of indicators to determine if a port is open or not. In the case of TCP, one of those indicators is if a RESET flag is set in a reply packet. Essentially the remote system is tearing down the connection (as there is nothing listening on the port specified) and nmap uses this to determine that the port is closed. Nearly all firewalls silently drop packets destined for ports they don't have rules for now, greatly slowing down scanning times.

Try it yourself - run a nmap scan against a host with a firewall (the Windows firewall will be fine for this) and then turn the firewall off. Notice how much faster the scan is!
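
The port-pattern reasoning in Answer 2, written out as detection logic (an added example, not part of the original posts). It groups tcpdump UDP lines by source and destination and applies the three heuristics from the answer; the function names, labels and the two extra flows in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

TRACEROUTE_BASE_PORT = 33434  # first destination port seen in the capture above

# Matches the tcpdump text format shown in Question 2.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length \d+$"
)

def classify(dports, min_packets=3):
    """Label one src->dst flow from its destination ports, in capture order."""
    if len(dports) < min_packets:
        return "too-few-packets"
    if len(set(dports)) == 1:
        return "single-port"        # what the answer expects of a DoS
    steps = [b - a for a, b in zip(dports, dports[1:])]
    if dports[0] >= TRACEROUTE_BASE_PORT and all(s == 1 for s in steps):
        return "traceroute-like"    # 33434 upwards, incrementing by one
    return "scattered-ports"        # no ordering, as with randomised scan ports

def classify_capture(lines):
    """Return {(src, dst): label} for every UDP flow in the capture text."""
    flows = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            flows[(m["src"], m["dst"])].append(int(m["dport"]))
    return {pair: classify(ports) for pair, ports in flows.items()}

# First five lines are the capture from the quiz; the rest are constructed.
CAPTURE = """\
16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32
16:53:10.000001 IP 172.16.10.13.40000 > 172.16.10.2.53: UDP, length 32
16:53:10.000002 IP 172.16.10.13.40001 > 172.16.10.2.53: UDP, length 32
16:53:10.000003 IP 172.16.10.13.40002 > 172.16.10.2.53: UDP, length 32
16:53:20.000001 IP 172.16.10.14.51000 > 172.16.10.2.1900: UDP, length 32
16:53:20.000002 IP 172.16.10.14.51000 > 172.16.10.2.161: UDP, length 32
16:53:20.000003 IP 172.16.10.14.51000 > 172.16.10.2.5353: UDP, length 32
""".splitlines()

if __name__ == "__main__":
    for pair, label in classify_capture(CAPTURE).items():
        print(pair, label)
```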
<<

MableSoffer

Newbie

Posts: 2

Joined: Tue Sep 10, 2013 4:27 am

Post Tue Sep 10, 2013 4:42 am

Re: GIAC GPEN practice exam giveaway

As we all know, while the mobile phone brings great conveniences to people, it also raises new challenge on the security of confidential work. In recent years, the wiretap, cheating in examination, medical negligence and gas station explosion with mobile phone occurred and it has aroused great concern of the society. Maybe it's one of the reasons that promoted the appearance of mobile phone signal jammer. You may be watching a nice movie or enjoying your nap when you get free for sometime. Still you have chances of getting disturbed with your most loved ones and close friend chatting near you on the cell phone. At such hours, if you really care for your free time then you need to buy a cell phone jammer.