SANS GPEN

Question: Which nmap command would you use to reliably scan for open ports on a subnet and at the same time avoid detection by applications that log connections?

Question: A penetration tester obtains a DHCP address on the internal client LAN, then sends manually crafted packets to a web server in the DMZ. Packets with malformed HTTP headers and packets with other protocols tunneled in the payload do not make it to the web server. Which technology would be used to block these types of packets?

Question: What is the main difference between LANMAN and NTLMv1 challenge/responses?
Explanation: NTLMv1 starts with the NT hash, LANMAN starts with LANMAN. Otherwise the two are the same.

Question: A penetration tester wishes to stop the Windows Firewall process on a remote host running Windows Vista. She issues the following commands:

    c:\Documents and Settings\Owner>net use Z:\\Fileserver\shared /user Administrator
    The command completed successfully.
    C:\Documents and Settings\Owner>Z:
    Z:\>sc stop MpsSvc
    [SC] ControlService FAILED 1062: The service has been stopped.
    Z:\>

A check of the remote host indicates that the Windows Firewall is still running. Why did the command fail?
Explanation: In order to issue the sc command against a remote server, the IP or system name (if it can be resolved) must be passed to the sc command on the command line. Otherwise the command will work against the local machine.

Question: A penetration tester obtains telnet access to a target machine using a captured credential. While trying to transfer her exploit to the target machine, the network intrusion prevention systems keep detecting her exploit and terminating her connection. Which of the following actions will help the penetration tester transfer an exploit and compile it on the target system?

Question: Analyze the command output below. Given this information, which is the next step for the tester?
[Image: uploads/sans-gpen/q2.png]
Explanation: The nmap command shown only shows what ports responded, and what the best guess is for services running on the port. Requesting a list of shares from the scanned host, since the port is open, will verify that netbios-ssn services are running as well as ga

Question: You have gained shell on a Windows host and want to find out other machines to pivot to, but the rules of engagement state that you can only use tools that are already available. How could you find other machines on the target network?

Question: Given the following Scapy information, how is default Layer 2 information derived?
[Image: uploads/sans-gpen/q27.png]
Explanation: Scapy relies on the underlying operating system to construct Layer 2 information to use as a default. If not explicitly defined, Scapy and the underlying operating system construct Layer 2 information which is used as default.

Question: What meterpreter command is used to get the SAM database and its hashes from the target machine?

Question: A penetration tester gains shell access to a target system through a remote exploit and executes the following batch script to pull a file from her attacking machine. How does this method compare to using the default ftp client interactively?
[Image: uploads/sans-gpen/q32.png]
Explanation: The script creates another file that contains the answers that the FTP client requires to non-interactively connect to the attacking machine and pull the file exploit.exe to the target system. Thus the script overcomes the restrictions imposed by a shell

Question: Why does nmap perform a port scan even when only directed to run a specific NSE script?

Question: You have connected to a Windows system remotely and have shell access via netcat. While connected to the remote system you notice that some Windows commands work normally while others do not. An example of this is shown in the picture below. Which of the following best describes why this is happening?
[Image: uploads/sans-gpen/q34.png]

Question: What difference would you expect to result from running the following commands:
[Image: uploads/sans-gpen/q35.png]
Explanation: To get dig to perform a zone transfer, we invoke it with the -t AXFR notation as: $ dig @[server] [domain] -t AXFR This syntax will pull all information about a given domain. Alternatively, dig can perform an incremental zone transfer, pulling only r