I've got my GIAC GPEN exam this week, and I've got one unused practice exam left. Rather than use it up, I thought I'd offer it out to the community to help out others who were thinking of taking it, but weren't sure if they'd pass the exam without taking the SANS SEC560 course first.
The practice test expires October 23rd, 2013 10:11 UTC, and takes about 3 hours to do - so you must be able to use it before this time.
As there are always a couple of people after these exams, I thought I'd set a little quiz. This quiz is a direct representation of the types of questions you'll be asked in the practice exam, so if you look through the questions and they don't make sense to you, you're probably not ready to take the practice exam, and you'd be better off letting someone else take it instead.
The rules of this quiz are:
1. No googling the answers. You must use no reference materials when attempting it (you don't get internet access when doing the GPEN exam).
2. All answers must be PM'd to me
3. All PMs must be sent by 28th August 2013, any submitted after that date will be disallowed
4. Once you've PM'd me, post something in this thread to let everyone else know that you're interested in taking the practice exam (so you might get another chance later on).
So without delay - here is the quiz:
You have compromised a Windows system with Metasploit, and have injected Meterpreter into LSASS. While looking around the filesystem you notice a file called "passwords.txt". You attempt to gain access to this file but are denied. After some investigation you determine that the file is locked by a file manager application that is running. How would you use Meterpreter to access the file?
1. Use the execute command to launch your own copy of the file manager application to gain access to the file
2. Use the getpid command to determine the user the application is currently running under, and then use the impersonate command to impersonate that user
3. Use the migrate command to migrate to the file manager process to gain access to the file
Analyse the network traffic below - what is happening?
16:52:54.903498 IP 172.16.10.12.38767 > 172.16.10.2.33434: UDP, length 32
16:52:54.903504 IP 172.16.10.12.44262 > 172.16.10.2.33435: UDP, length 32
16:52:54.903508 IP 172.16.10.12.35637 > 172.16.10.2.33436: UDP, length 32
16:52:54.903512 IP 172.16.10.12.58482 > 172.16.10.2.33437: UDP, length 32
16:52:54.903516 IP 172.16.10.12.55077 > 172.16.10.2.33438: UDP, length 32
1. A UDP traceroute from 172.16.10.12
2. An Nmap scan from 172.16.10.12
3. A DoS attack from 172.16.10.12
You have gained access to a Linux machine through an exploit, but you aren't sure if you've got shell or terminal access. Which command would tell you the type of access you have?
What is a major difference between WPA1 and WPA2?
1. WPA2 fully implements 802.11i, WPA1 does not
2. WPA1 is more backwards compatible than WPA2
3. WPA2 has greater bandwidth than WPA1
What can be done to speed up port scanning, while maintaining accurate results?
1. Alter firewall rules to send TCP RESET messages for closed TCP ports
2. Alter firewall rules to send TCP SYN messages for closed TCP ports
3. Alter firewall rules to send TCP URG messages for closed TCP ports