01. Which of the following are common methods for escalating privileges on a Linux system?
(Choose two)
a) Exploiting vulnerable services or daemons
b) Cracking passwords using brute force attacks
c) Modifying file permissions as a regular user
d) Abusing misconfigured network services
02. How should the success criteria of a red team engagement be determined?
a) By the number of vulnerabilities found
b) By achieving the predefined objectives without being detected
c) By the amount of time it takes to breach the system
d) By the feedback received from the organization's employees
03. What is the primary purpose of a Golden Ticket attack within an Active Directory environment?
a) To modify Active Directory schema
b) To extract plaintext passwords from the Active Directory database
c) To disrupt the availability of Active Directory services
d) To obtain persistent access and impersonate the domain's Kerberos Ticket Granting Ticket (TGT)
04. Why is it important to use both direct and indirect C2 channels in an attack infrastructure?
a) To ensure redundancy in case one communication channel is detected or disrupted
b) To provide different bandwidth options for data exfiltration
c) To comply with international cyber warfare conventions
d) To facilitate the segmentation of the compromised network
05. Adversary emulation differs from penetration testing primarily in that it:
a) Focuses solely on the exploitation of physical security controls
b) Emulates an adversary's actions based on real-world incidents and TTPs
c) Is an unstructured approach to identifying vulnerabilities
d) Is typically performed without any prior knowledge of the environment
06. What are effective strategies for the initial reconnaissance phase?
(Choose two)
a) Social engineering to gather intel from company employees
b) Deploying a wide range of automated scanning tools against the target
c) Reviewing publicly available information about the target
d) Physically breaking into the target's premises to gather intel
07. In network discovery, which types of information are typically gathered using SNMP enumeration?
(Choose two)
a) Network device types and roles
b) Usernames and passwords
c) Running services and processes
d) Network interface and routing information
08. Which technique is indicative of ransomware behavior within a network?
a) Incremental backups of essential files
b) Encryption of files with a demand for payment for decryption keys
c) Broadcasting SSID from the compromised system
d) Port scanning the internal network for open services
09. During the enumeration phase, why is it important to identify the domain controllers in an Active Directory environment?
a) To locate the physical servers in the data center
b) To determine the brand of hardware being used
c) To assess the environmental temperature controls
d) To target the primary sources of authentication and policy enforcement
10. In the context of persistence, what is the purpose of creating a hidden user account on the compromised system?
a) To enable the legitimate users to have enhanced privileges
b) To facilitate remote support and troubleshooting
c) To ensure the attacker can regain access even if other accounts are discovered or removed
d) To provide an account for guest users
The purpose of this Sample Question Set is to provide you with information about the GIAC Red Team Professional (GRTP) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the GRTP certification test. To get familiar with real exam environment, we suggest you try our Sample GIAC GRTP Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual GIAC Red Team Professional (GRTP) certification exam.