GPEN GIAC Certified Penetration Tester

What is the GPEN Certification?
The GIAC® Penetration Tester (GPEN) is a vendor-neutral certification created and administered by the Global Information Assurance Certification (GIAC). The GPEN certification is internationally recognized as a validation of advanced-level penetration testing skills.

The certification is tailored for security personnel whose job duties involve targeting networks to find security vulnerabilities. The exam tests candidates' ability to conduct penetration tests using various methodologies, their understanding of the legal issues around penetration testing, and their grasp of the technical and non-technical aspects of pentesting.

Who Should Earn the GPEN?
The GPEN is a technical certification that demonstrates that a person understands how to apply a process-oriented approach to pentesting and reporting. Professionals who may benefit from a GPEN certification include:

People responsible for conducting penetration tests or security assessments
Ethical hackers
IT security auditors
Incident responders and computer forensic investigators
IT and information security professionals who want to expand their knowledge about offensive security

How Does the GPEN Certification Exam Work?
To obtain a GPEN certification, candidates must pass the certification exam. The exam is proctored and has:

115 questions
A time limit of 3 hours
A minimum passing score of 74%

To register for a GPEN certification attempt, you need to submit an online application and pay a $1,699 fee. Alternatively, you can take a training course that includes an exam voucher, such as the GPEN boot camp offered by InfoSec Institute.

The GPEN certification must be renewed after four years in order to keep up with the ever-changing field of cybersecurity.

What Experience Do You Need to Take the GPEN Exam?

There are no specific prerequisites for the GPEN certification. However, you should have a firm understanding of the Windows operating system, using the Windows and Linux command line, computer networking and TCP/IP protocols, and a basic understanding of cryptographic concepts.

A number of courses are available related to hacking and penetration testing in addition to GPEN certification training.

What Are the Contents of the GPEN Certification?

There are sixteen outcome statements in the candidate handbook, which are the topics for each exam part. Candidates need to grasp the skills taught within these topics to pass the exam.

The statements are:

Advanced password attacks: Candidates need to be able to use methods to attack password hashes and authentication technologies
Attacking password hashes: Candidates should be able to obtain and attack password hashes and other password representations
Exploitation fundamentals: Candidates should be able to demonstrate the fundamental concepts associated with the exploitation phase of a pentest
Initial target scanning: Candidates should be able to conduct port, operating system, and service version scans and analyze the results
Metasploit: Candidates should be able to use and configure the Metasploit Framework at an intermediate level
Moving files with exploits: Candidates should be able to use exploits to move files between remote systems
Password attacks: Candidates should understand the types of password attacks, their formats and defenses, and the circumstances under which to use each password attack variation, and be able to conduct password-guessing attacks
Pentesting foundations: Candidates should be able to demonstrate the fundamental concepts associated with pentesting
Pentesting process: Candidates should be able to utilize a process-oriented approach to pentesting and reporting
Pentesting using PowerShell: Candidates should demonstrate an understanding of the use of advanced Windows PowerShell skills during a penetration test
Penetration testing using the Windows command line: Candidates should demonstrate an understanding of the use of advanced Windows command line skills during a penetration test
Reconnaissance: Candidates should understand the fundamental concepts of reconnaissance and how to obtain basic, high-level information about the target organization and network
Scanning for targets: Candidates should be able to use the appropriate technique to scan a network for potential targets
Vulnerability scanning: Candidates should be able to conduct vulnerability scans and analyze the results
Web application attacks: Candidates should be able to utilize common web application attacks
Web application reconnaissance: Candidates should demonstrate an understanding of the use of tools and proxies to discover web application vulnerabilities

How Does GPEN Compare with Other Pentesting Certifications?

Executing penetration tests requires a high level of hacking skill, built through both self-study and trial and error. These skills range from conducting the actual tests to reporting and documenting findings for clients. There are several certifications besides GPEN that aspiring pentesters may pursue:

EC-Council Certified Ethical Hacker (CEH): The CEH certification is a penetration testing certification by EC-Council that establishes and governs the minimum standards for professional ethical hackers. It also reinforces the fact that ethical hacking is a unique and self-regulating profession. CEH is vendor-neutral and covers various topics, including footprinting and reconnaissance, scanning networks, host enumeration, system hacking and more.
IACRB Certified Penetration Tester (CPT): The CPT certification is offered by IACRB and is designed to certify that candidates have working knowledge and skills in relation to the field of penetration testing. The CPT consists of nine domains directly relating to job duties of penetration testers.
IACRB Certified Expert Penetration Tester (CEPT): The CEPT is offered by IACRB and is designed to certify that candidates have expert-level knowledge and skills in the nine domains directly relating to the job duties of expert-level penetration testers.

InfoSec Institute’s 10-day Penetration Testing boot camp helps students achieve all three certifications (CEH, CPT and CEPT).

How to Maintain a GPEN Certification

GIAC certifications such as GPEN require renewal every four years. Registration is enabled at the two-year mark prior to your certification expiration date.

GPEN holders need to accumulate 36 Continuing Professional Experience (CPE) credits in order to maintain their certifications. You are required to submit your CPE information and documentation in advance of your certification expiration date. You should also allow for a 30-day processing period from the time of completed submission. The submitting and tracking of CPE credits and assignment of CPE credits to specific certification renewals such as the GPEN are all completed through your online GIAC account dashboard.

The certification maintenance fee is a non-refundable $429 payment, due every four years at the time of registration. If multiple renewals are done within the two-year renewal period, each qualifies for a discount, with the initial renewal fee being $429 and successive renewals being $219 each.

What Is the Best Way to Train for the GPEN Certification?

There are a variety of ways to train for the GPEN certification, including:

Self-studying GPEN topic areas via books, practice exams and other resources until you are confident you can pass the exam
Using websites like SkillSet to test your exam readiness in various topic areas
Taking a training boot camp, such as the GPEN certification training provided by InfoSec Institute

Conclusion

The GIAC Penetration Tester certification requires a hands-on approach and is one of the most desired technical cybersecurity certifications. The certification is awarded to penetration testers who have proven their ability to conduct pentesting on a wide range of infrastructure.

Obtaining and maintaining a GPEN or other pentesting certification helps prove your technical ability and verifies that you are up to date with the latest technologies.


QUESTION: 1
ACME Corporation has decided to set up a wireless (IEEE 802.11) network in its sales branch in Tokyo
and found that channels 1, 6, 9 and 11 are in use by the neighboring offices. Which is the best channel
they can use?

A. 4
B. 5
C. 10
D. 2

Answer: D


QUESTION: 2
Which Metasploit vncinject stager will allow VNC communications from the attacker to a listening
port of the attacker’s choosing on the victim machine?

A. vncinject/find_tag
B. vncinject/reverse_tcp
C. vncinject/reverse_https
D. vncinject/bind_tcp

Answer: B

Explanation:
Reference:
http://www.rapid7.com/db/modules/payload/windows/vncinject/reverse_tcp


QUESTION: 3
What is the MOST important document to obtain before beginning any penetration testing?

A. Project plan
B. Exceptions document
C. Project contact list
D. A written statement of permission

Answer: A

Explanation:
Reference:
Before starting a penetration test, all targets must be identified. These targets should be obtained
from the customer during the initial questionnaire phase. Targets can be given by the customer in the form of specific
IP addresses, network ranges, or domain names. In some instances, the only target
the customer provides is the name of the organization, and the customer expects the testers to be able to identify the
rest on their own. It is important to define whether systems like firewalls, IDS/IPS or networking
equipment that sit between the tester and the final target are also part of the scope. Additional
elements such as upstream providers and other third-party providers should be identified, and it should be defined
whether they are in scope or not.


QUESTION: 4
While reviewing traffic from a tcpdump capture, you notice the following commands being sent from
a remote system to one of your web servers:
C:\>sc \\internet.host.com create ncservice binpath= "c:\tools\nc.exe -l -p 2222 -e cmd.exe"
C:\>sc \\internet.host.com query ncservice
What is the intent of the commands?

A. The first command creates a backdoor shell as a service. It is being started on TCP 2222 using
cmd.exe. The second command verifies the service is created and its status.
B. The first command creates a backdoor shell as a service. It is being started on UDP 2222 using
cmd.exe. The second command verifies the service is created and its status.
C. This creates a service called ncservice which is linked to the cmd.exe command and is designed to
stop any instance of nc.exe being run. The second command verifies the service is created and its
status.
D. The first command verifies the service is created and its status. The second command creates a
backdoor shell as a service. It is being started on TCP 2222 connected to cmd.exe.

Answer: C


QUESTION: 5
Which of the following best describes a client-side exploit?

A. Attack of a client application that retrieves content from the network
B. Attack that escalates user privileges to root or administrator
C. Attack of a service listening on a client system
D. Attack on the physical machine

Answer: C


QUESTION: 6
Which of the following TCP packet sequences are common during a SYN (or half-open) scan?

A. The source computer sends SYN and the destination computer responds with RST
B. The source computer sends SYN-ACK and no response is received from the destination computer
C. The source computer sends SYN and no response is received from the destination computer
D. The source computer sends SYN-ACK and the destination computer responds with RST-ACK

A. A,B and C
B. A and C
C. C and D
D. C and D

Answer: C
