Online Access Free GXPN Practice Test

What common attack vector targets both network protocols and client systems effectively?
Response:

• A.Cross-site scripting (XSS)
• B.SQL Injection
• C.Man-in-the-middle (MITM) attacks
• D.Distributed Denial of Service (DDoS)

You are tasked with fuzzing a proprietary protocol to identify potential flaws. Which tool or framework would you use, and what would be your first step in the fuzzing process?
Response:

• A.Use Nmap to scan for open ports before starting fuzzing
• B.Use Metasploit and begin by exploiting existing vulnerabilities
• C.Use Wireshark and start by analyzing the protocol's traffic
• D.Use the Sulley framework and start by defining a protocol grammar

Which cryptographic weakness can be targeted in poorly implemented AES (Advanced Encryption Standard) encryption?
Response:

• A.Padding oracle attack
• B.Return-oriented programming (ROP)
• C.Ret2libc
• D.Heap spraying

You are tasked with gaining access to a restricted network that uses port-based NAC. Which of the following actions would you take to bypass the NAC and gain access?
Response:

• A.Use a TCP reset attack on the gateway
• B.Launch a man-in-the-middle (MITM) attack on the network
• C.Perform a brute-force attack on the NAC server
• D.Spoof a MAC address of an authorized device

Which two operations are handled by the heap in Linux memory management?
(Choose Two)
Response:

• A.Storing local function variables
• B.Managing memory for objects created at runtime
• C.Keeping track of function call returns
• D.Dynamic memory allocation