Free GPEN Exam Dumps

Question 26

- (Topic 4)
What does TCSEC stand for?

A. Trusted Computer System Evaluation Criteria
B. Target Computer System Evaluation Criteria
C. Trusted Computer System Experiment Criteria
D. Trusted Computer System Evaluation Center

Correct Answer:A

Question 27

- (Topic 3)
Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?

A. Collecting employees information
B. Gathering private and public IP addresses
C. Performing Neotracerouting
D. Banner grabbing

Correct Answer:C

Question 28

- (Topic 2)
You run the following PHP script:

What is the use of the mysql_real_escape_string() function in the above script. Each correct answer represents a complete solution. Choose all that apply

A. It escapes all special characters from strings $_POST["name"] and $_POST["password"].
B. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and ".
C. It can be used to mitigate a cross site scripting attac
D. It can be used as a countermeasure against a SQL injection attac

Correct Answer:AD

Question 29

- (Topic 4)
John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.

A. Dictionary attack
B. Rule based attack
C. Hybrid attack
D. Brute Force attack

Correct Answer:ACD

Question 30

CORRECT TEXT - (Topic 2)
Write the appropriate attack name to fill in the blank.
In a _____________ DoS attack, the attacker sends a spoofed TCP SYN packet in which the IP address of the target is filled in both the source and destination fields.

Correct Answer:land