What is the GPEN Certification?
The GIAC® Penetration Tester (GPEN) is a vendor-neutral certification created
and administered by the Global Information Assurance Certification (GIAC). The
GPEN certification is internationally recognized as a validation of
advanced-level penetration testing skills.
The certification is tailored for security personnel whose job duties involve
targeting networks to find security vulnerabilities. The exam tests the ability
of candidates to conduct penetration tests by using various methodologies, their
understanding the legal issues around penetration testing, and the technical and
non-technical aspects of pentesting.
Who Should Earn the GPEN?
The GPEN is a technical certification that demonstrates a person’s
understanding of utilizing a process-oriented approach to pentesting and
reporting. Professionals who may benefit from a GPEN certification include:
People responsible for conducting penetration tests or security assessments
Ethical hackers
IT security auditors
Incident responders and computer forensic investigators
IT and information security professionals who want to expand their knowledge
about offensive security
How Does the GPEN Certification Exam Work?
To obtain a GPEN certification, candidates must pass the certification exam.
The exam is proctored and has:
115 questions
A time limit of 3 hours
A minimum passing score of 74%
To register for a GPEN certification attempt, you need to submit an online
application and pay a $1,699 fee. Alternatively, you can take a training course
that includes an exam voucher, such as the GPEN boot camp offered by InfoSec
Institute.
The GPEN certification must be renewed after four years in order to keep up with
the ever-changing field of cybersecurity.
What Experience Do You Need to Take the GPEN Exam?
There are no specific prerequisites for the GPEN certification. However, you
should have a firm understanding of the Windows operating system, using the
Windows and Linux command line, computer networking and TCP/IP protocols, and a
basic understanding of cryptographic concepts.
A number of courses are available related to hacking and penetration testing in
addition to GPEN certification training.
What Are the Contents of the GPEN Certification?
There are sixteen outcome statements in the candidate handbook, which are the
topics for each exam part. Candidates need to grasp the skills taught within
these topics to pass the exam.
The statements are:
Advanced password attacks: Candidates need to be able to use methods to attack
password hashes and authentication technologies
Attacking password hashes: Candidates should be able to obtain and attack
password hashes and other password representations
Exploitation fundamentals: Candidates should be able to demonstrate the
fundamental concepts associated with the exploitation phase of a pentest
Initial target scanning: Candidates should be able to conduct port, operating
system, and service version scans and analyze the results
Metasploit: Candidates should be able to use and configure the Metasploit
Framework at an intermediate level
Moving files with exploits: Candidates should be able to use exploits to move
files between remote systems
Password attacks: Candidates should understand types of password attacks,
formats and defenses; the circumstances under which to use each password attack
variation, and be able to conduct password guessing attacks
Pentesting foundations: Candidates should be able to demonstrate the fundamental
concepts associated with pentesting
Pentesting process: Candidate sshould be able to utilize a process-oriented
approach to pentesting and reporting
Pentesting using PowerShell: Candidates should demonstrate an understanding of
the use of advanced Windows PowerShell skills during a penetration test
Penetration testing using the Windows command line: Candidates should
demonstrate an understanding of the use of advanced Windows command line skills
during a penetration test
Reconnaissance: Candidates should understand the fundamental concepts of
reconnaissance and how to obtain basic, high-level information about the target
organization and network
Scanning for targets: Candidates should be able to use the appropriate technique
to scan a network for potential targets
Vulnerability scanning: Candidates should be able to conduct vulnerability scans
and analyze the results
Web application attacks: Candidates should be able to utilize common web
application attacks
Web application reconnaissance: Candidates should demonstrate an understanding
of the use of tools and proxies to discover web application vulnerabilities
How Does GPEN Compare with Other Pentesting Certifications?
The execution of penetration tests requires a high level of hacking skills by
both self-study and trial-and-error. These skills range from conducting actual
tests to reporting and documenting findings to clients. There are several
certifications besides GPEN that aspiring pentesters may pursue:
EC-Council Certified Ethical Hacker (CEH): The CEH certification is a
penetration testing certification by EC-Council that establishes and governs the
minimum standards for professional ethical hackers. It also reinforces the fact
that ethical hacking is a unique and self-regulating profession. CEH is
vendor-neutral and covers various topics, including footprinting and
reconnaissance, scanning networks, host enumeration, system hacking and more.
IACRB Certified Penetration Tester (CPT): The CPT certification is offered by
IACRB and is designed to certify that candidates have working knowledge and
skills in relation to the field of penetration testing. The CPT consists of nine
domains directly relating to job duties of penetration testers.
IACRB Certified Expert Penetration Tester (CEPT): The CEPT if offered by IACRB
and is designed to certify that candidates have expert level knowledge and
skills in the nine domains directly relating to job duties of expert-level
penetration testers.
InfoSec Institute’s 10-day Penetration Testing boot camp helps students achieve
all three certifications (CEH, CPT and CEPT).
How to Maintain a GPEN Certification
GIAC certifications such as GPEN require renewal every four years. Registration
is enabled at the two-year mark prior to your certification expiration date.
GPEN holders need to accumulate 36 Continuing Professional Experience (CPE)
credits in order to maintain their certifications. You are required to submit
your CPE information and documentation in advance of your certification
expiration date. You should also allow for a 30-day processing period from the
time of completed submission. The submitting and tracking of CPE credits and
assignment of CPE credits to specific certification renewals such as the GPEN
are all completed through your online GIAC account dashboard.
The certification maintenance fee is a non-refundable $429 payment, due every
four years at the time of registration. If multiple renewals are done within the
two-year renewal period, each qualifies for a discount with the initial renewal
fee being $429 and successive renewals being $219 each.
What Is the Best Way to Train for the GPEN Certification?
There are a variety of ways to train for the GPEN certification, including:
Self-studying GPEN topic areas via books, practice exams and other resources
until you are confident you can pass the exam
Using websites like SkillSet to test your exam readiness in various topic areas
Taking a training boot camp, such as the GPEN certification training provided by
InfoSec Institute
Conclusion
The GIAC Penetration Tester certification requires a hands-on approach and is
one of the most desired technical cybersecurity certifications. The
certification is awarded to penetration testers who have proven their ability to
conduct pentesting on a wide range of infrastructure.
Obtaining and maintaining a GPEN or other pentesting certification helps to
prove your technical ability and verify that you up to date with the latest
technologies.
QUESTION: 1
ACME corporation has decided to setup wireless (IEEE 802.11) network in it’s sales branch at Tokyo
and found that channels 1, 6, 9,11 are in use by the neighboring offices. Which is the best channel
they can use?
A. 4
B. 5
C. 10
D. 2
Answer: D
QUESTION: 2
Which Metasplogtvncinject stager will allow VNC communications from the attacker to a listening
port of the attacker’s choosing on the victim machine?
A. Vncinject/find.lag
B. Vncinject/reverse.tcp
C. Vncinject/reverse-http
D. Vncinject /bind.tcp
Answer: B
Explanation:
Reference:
https://www.rapid7.com/db/modules/payload/windows/vncinject/reverse_tcp
QUESTION: 3
What is the MOST important document to obtain before beginning any penetration testing?
A. Project plan
B. Exceptions document
C. Project contact list
D. A written statement of permission
Answer: A
Explanation:
Reference:
Before starting a penetration test, all targets must be identified. These targets should be obtained
from the customer during the initial questionnaire phase. Targets can be given in the form of specific
IP addresses, network ranges, or domain names by the customer. In some instances, the only target
the customer provides is the name of the organization and expects the testers be able to identify the
rest on their own. It is important to define if systems like firewalls and IDS/IPS or networking
equipment that are between the tester and the final target are also part of the scope. Additional
elements such as upstream providers, and other 3rd party providers should be identified and defined
whether they are in scope or not.
QUESTION: 4
While reviewing traffic from a tcpdump capture, you notice the following commands being sent from
a remote system to one of your web servers:
C:\>sc winternet.host.com create ncservicebinpath- “c:\tools\ncexe -I -p 2222 -e cmd.exe”
C:\>sc vJnternet.host.com query ncservice.
What is the intent of the commands?
A. The first command creates a backdoor shell as a service. It is being started on TCP2222 using
cmd.exe. The second command verifies the service is created and itsstatus.
B. The first command creates a backdoor shell as a service. It is being started on UDP2222 using
cmd.exe. The second command verifies the service is created and itsstatus.
C. This creates a service called ncservice which is linked to the cmd.exe command andits designed to
stop any instance of nc.exe being run. The second command verifiesthe service is created and its
status.
D. The first command verifies the service is created and its status. The secondcommand creates a
backdoor shell as a service. It is being started on TCP 2222connected to cmd.exe.
Answer: C
QUESTION: 5
Which of the following best describes a client side explogt?
A. Attack of a client application that retrieves content from the network
B. Attack that escalates user privileged to root or administrator
C. Attack of a service listening on a client system
D. Attack on the physical machine
Answer: C
QUESTION: 6
Which of the following TCP packet sequences are common during a SYN (or half-open) scan?
A. The source computer sends SYN and the destination computer responds with RST
B. The source computer sends SYN-ACK and no response Is received from the destination computer
C. The source computer sends SYN and no response is received from the destination computer
D. The source computer sends SYN-ACK and the destination computer responds with RST-ACK
A. A,B and C
B. A and C
C. C and D
D. C and D
Answer: C
Click here to
view complete Q&A of GPEN exam
Certkingdom Review,
Certkingdom PDF Torrents
Best GIAC GPEN Certification, GIAC GPEN Training at certkingdom.com