SANS 560 ~ GPEN EXAM 2025 WITH 100%
ACCURATE SOLUTIONS
Which of the following correctly defines the Nmap Scripting Engine
“intrusive” category?
Detects network-accessible backdoors
Looks for a vulnerability
Detects the version of a target’s services
May leave logs, guess passwords, or otherwise impact the target – Answer
May leave logs, guess passwords, or otherwise impact the target
After scanning a network, a penetration tester has a list of open ports to
be investigated. Which Nmap feature can be used to probe the target
machine and determine what software is actually listening on those ports?
TCP connect scan
Version scanning
UDP port scan
TCP SYN scan – Answer Version scanning
,A penetration tester executes the command “dnsrecon -d [domain] -t
axfr” to target the DNS infrastructure of an organization. What are they
doing?
Attempting a zone transfer
Performing a DNSSEC zone walk
Performing a reverse DNS lookup for IPaddress or CIDRrange
Scanning for DNS cache snooping using a supplied dictionary file – Answer
Attempting a zone transfer
Which Regional Internet Registry is responsible for Europe, the Middle
East, and parts of Central Asia?
RIPE NCC
ARIN
LACNIC
APNIC – Answer RIPE NCC
Which of the following implies that you are measuring things against a
fixed, pre-determined, rigorous set of standards?
Penetration testing
Vulnerability scan
,Security audit
Security assessment – Answer Security audit
In retaliation for being fired, a former employee wants to cause a network
outage in an organization. What is the former employee an example of?
Risk
Threat
Exploit
Vulnerability – Answer Threat
During a penetration testing engagement, the tester poses as a targeted
user to a call center operator and requests that the user’s password be
changed. What sort of penetration test is being performed?
Network services test
Web application test
Client-side test
Social engineering test – Answer Social engineering test
What is the default -T speed used by Nmap when scanning a target?
3
, 1
2
4 – Answer 3
An organization is contracted to perform an external penetration test on a
very large target network. Which technique would be most effective to
limit the scope of the scanning needed to identify targets?
Scan using Nessus unsafe plugins.
Scan using a TCP SYN scan for all ports.
Scan using a TCP connect scan for all ports.
Scan a subset of commonly used ports. – Answer Scan a subset of
commonly used ports.
Upon gaining access to a Linux host, what directory could be useful to
review for interesting files such as account information and hashes?
Root
Etc
Passwd
Home – Answer ect
ACCURATE SOLUTIONS
Which of the following correctly defines the Nmap Scripting Engine
“intrusive” category?
Detects network-accessible backdoors
Looks for a vulnerability
Detects the version of a target’s services
May leave logs, guess passwords, or otherwise impact the target – Answer
May leave logs, guess passwords, or otherwise impact the target
After scanning a network, a penetration tester has a list of open ports to
be investigated. Which Nmap feature can be used to probe the target
machine and determine what software is actually listening on those ports?
TCP connect scan
Version scanning
UDP port scan
TCP SYN scan – Answer Version scanning
,A penetration tester executes the command “dnsrecon -d [domain] -t
axfr” to target the DNS infrastructure of an organization. What are they
doing?
Attempting a zone transfer
Performing a DNSSEC zone walk
Performing a reverse DNS lookup for IPaddress or CIDRrange
Scanning for DNS cache snooping using a supplied dictionary file – Answer
Attempting a zone transfer
Which Regional Internet Registry is responsible for Europe, the Middle
East, and parts of Central Asia?
RIPE NCC
ARIN
LACNIC
APNIC – Answer RIPE NCC
Which of the following implies that you are measuring things against a
fixed, pre-determined, rigorous set of standards?
Penetration testing
Vulnerability scan
,Security audit
Security assessment – Answer Security audit
In retaliation for being fired, a former employee wants to cause a network
outage in an organization. What is the former employee an example of?
Risk
Threat
Exploit
Vulnerability – Answer Threat
During a penetration testing engagement, the tester poses as a targeted
user to a call center operator and requests that the user’s password be
changed. What sort of penetration test is being performed?
Network services test
Web application test
Client-side test
Social engineering test – Answer Social engineering test
What is the default -T speed used by Nmap when scanning a target?
3
, 1
2
4 – Answer 3
An organization is contracted to perform an external penetration test on a
very large target network. Which technique would be most effective to
limit the scope of the scanning needed to identify targets?
Scan using Nessus unsafe plugins.
Scan using a TCP SYN scan for all ports.
Scan using a TCP connect scan for all ports.
Scan a subset of commonly used ports. – Answer Scan a subset of
commonly used ports.
Upon gaining access to a Linux host, what directory could be useful to
review for interesting files such as account information and hashes?
Root
Etc
Passwd
Home – Answer ect
