GPEN Practice Questions: Exploitation Fundamentals & Escalation Domain
Test your GPEN knowledge with 5 practice questions from the Exploitation Fundamentals & Escalation domain. Includes detailed explanations and answers.
GPEN Practice Questions
Master the Exploitation Fundamentals & Escalation Domain
Test your knowledge in the Exploitation Fundamentals & Escalation domain with these 5 practice questions. Each question is designed to help you prepare for the GPEN certification exam with detailed explanations to reinforce your learning.
Question 1
You have access to a Windows server and want to maintain persistence. Which technique should you consider?
Show Answer & Explanation
Correct Answer: B
Explanation: Creating a startup script is a common method to maintain persistence as it ensures that your payload runs on system startup. Modifying the bootloader and BIOS settings are risky and less practical, while disabling the firewall is noisy and easily detected.
Question 2
Which of the following is a common post-exploitation method to escalate privileges on a Windows machine?
Show Answer & Explanation
Correct Answer: A
Explanation: Exploiting a vulnerable service running as SYSTEM is a common method for privilege escalation. Disabling UAC, password spraying, and modifying group policies are not typically used for privilege escalation.
Question 3
You've gained access to a Linux machine with limited privileges. Which command could help identify kernel version vulnerabilities?
Show Answer & Explanation
Correct Answer: A
Explanation: The 'uname -r' command reveals the kernel version, which can be checked for known vulnerabilities. 'ifconfig', 'ps -ef', and 'netstat -tuln' provide network and process information, not kernel details.
Question 4
During a penetration test, you gain access to a Linux server. Which method should you prioritize to escalate privileges?
Show Answer & Explanation
Correct Answer: B
Explanation: Searching for misconfigured SUID binaries is a common and efficient method for privilege escalation on Linux systems. Exploiting a kernel vulnerability may not be feasible without a specific exploit, brute-forcing is noisy and often against rules of engagement, and scanning for open services is not directly related to privilege escalation.
Question 5
During a penetration test, you gain access to a Linux server. To escalate privileges, which file should you examine for potential SUID misconfigurations?
Show Answer & Explanation
Correct Answer: D
Explanation: The /usr/bin directory often contains binaries with SUID permissions. Misconfigured SUID binaries can be exploited for privilege escalation. /etc/passwd, /etc/shadow, and /etc/hosts do not typically contain SUID binaries.
Ready to Accelerate Your GPEN Preparation?
Join thousands of professionals who are advancing their careers through expert certification preparation with FlashGenius.
- ✅ Unlimited practice questions across all GPEN domains
- ✅ Full-length exam simulations with real-time scoring
- ✅ AI-powered performance tracking and weak area identification
- ✅ Personalized study plans with adaptive learning
- ✅ Mobile-friendly platform for studying anywhere, anytime
- ✅ Expert explanations and study resources
Already have an account? Sign in here
About GPEN Certification
The GPEN certification validates your expertise in exploitation fundamentals & escalation and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.