
GIAC GCFA Dumps

Page: 1 / 12
Total 318 questions

GIAC Certified Forensics Analyst Questions and Answers

Question 1

Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Options:

A.

Copyright

B.

Utility model

C.

Cookie

D.

Trade secret

Question 2

Which of the following Acts enacted in the United States amends the Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination and to bring age discrimination claims?

Options:

A.

Sexual Predators Act

B.

Civil Rights Act of 1991

C.

PROTECT Act

D.

The USA Patriot Act of 2001

Question 3

In which of the following security tests does the security testing team simulate an employee or other person with an authorized connection to the organization's network?

Options:

A.

Remote network

B.

Remote dial-up network

C.

Stolen equipment

D.

Local network

Question 4

Which of the following is NOT an example of passive footprinting?

Options:

A.

Querying the search engine.

B.

Analyzing job requirements.

C.

Scanning ports.

D.

Performing the whois query.

Question 5

Your Windows XP hard drive has 2 partitions. The system partition is NTFS and the other is FAT. You wish to encrypt a folder created on the system partition for the purpose of data security. Which of the following statements is true about this situation?

Options:

A.

You can only encrypt files on the NTFS partition.

B.

You can only encrypt files on the FAT partition.

C.

Since the operating system is on the NTFS partition, you can encrypt files on both.

D.

You cannot encrypt files on either partition.

Question 6

You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. Users complain that they are unable to access resources on the network. However, there was no such problem the previous day. They are receiving the following error messages regularly:

Unable to resolve host name

As your primary step for resolving the issue, which of the following services will you verify is running?

Options:

A.

APACHE

B.

BIND

C.

SAMBA

D.

SQUID

Question 7

What are the purposes of audit records on an information system?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Backup

B.

Investigation

C.

Upgradation

D.

Troubleshooting

Question 8

Which of the following laws enacted in the United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

Options:

A.

Child Pornography Prevention Act (CPPA)

B.

Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)

C.

Sexual Predators Act

D.

USA PATRIOT Act

Question 9

Which of the following statements about SD cards are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is used with mobile phones and digital cameras.

B.

It is a type of non-volatile memory card.

C.

It is a 184-pin memory module.

D.

It is used as RAM on client computers and servers.

Question 10

The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?

Options:

A.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

B.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

C.

HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

D.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Question 11

Which of the following sections of the United States Economic Espionage Act of 1996 criminalizes the misappropriation of trade secrets related to or included in a product that is produced for or placed in interstate commerce, with the knowledge or intent that the misappropriation will injure the owner of the trade secret?

Options:

A.

Title 18, U.S.C. 1839

B.

Title 18, U.S.C. 1832

C.

Title 18, U.S.C. 1831

D.

Title 18, U.S.C. 1834

Question 12

Adrian, the Network Administrator for Peach Tree Inc., wants to install a new computer on the company's network. He asks his assistant to make a boot disk with minimum files. The boot disk will be used to boot the computer, which does not yet have an operating system installed. Which of the following files will he include on the disk?

Options:

A.

IO.SYS, MSDOS.SYS, COMMAND.COM, and AUTOEXEC.BAT.

B.

IO.SYS, MSDOS.SYS, and COMMAND.COM.

C.

IO.SYS, MSDOS.SYS, COMMAND.COM, and CONFIG.SYS.

D.

IO.SYS, MSDOS.SYS, COMMAND.COM, and FDISK.

Question 13

In a Windows 98 computer, which of the following utilities is used to convert a FAT16 partition to FAT32?

Options:

A.

CVT16.EXE

B.

CVT1.EXE

C.

CONVERT16.EXE

D.

CONVERT.EXE

Question 14

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to set the hard disk geometry parameters, cylinders, heads, and sectors. Which of the following Unix commands can you use to accomplish the task?

Options:

A.

mkfs

B.

mkswap

C.

mke2fs

D.

hdparm

Question 15

Which of the following steps should be performed in order to optimize a system's performance?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Run anti-spyware program regularly

B.

Defragment the hard disk drive

C.

Edit registry regularly

D.

Delete the temporary files

Question 16

You want to change the attribute of a file named ACE.TXT to Hidden. Which command line will enable you to set the attribute?

Options:

A.

ATTRIB ACE.TXT -H

B.

ATTRIB ACE.TXT /HR

C.

ATTRIB ACE.TXT +H

D.

ATTRIB ACE.TXT /H

Question 17

You work as a Network Administrator for Web World Inc. You want to host an e-commerce Web site on your network. You want to ensure that storage of credit card information is secure. Which of the following conditions should be met to accomplish this?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

NT authentication should be required for all customers before they provide their credit card numbers.

B.

Strong encryption software should be used to store credit card information.

C.

Only authorized access should be allowed to credit card information.

D.

The NTFS file system should be implemented on a client computer.

Question 18

Which of the following is a correct sequence of the layers of the Open Systems Interconnection (OSI) model?

Options:

A.

Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer

B.

application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer

C.

Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer

D.

Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer

Question 19

Which of the following is the process of overwriting all addressable locations on a disk?

Options:

A.

Drive wiping

B.

Spoofing

C.

Sanitization

D.

Authentication

Question 20

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Options:

A.

DOS boot disk

B.

Linux Live CD

C.

Secure Authentication for EnCase (SAFE)

D.

EnCase with a hardware write blocker

Question 21

Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?

Options:

A.

ping

B.

Psloggedon

C.

Pslist

D.

fport

Question 22

Which of the following tools can be used by a user to hide his identity?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Proxy server

B.

Anonymizer

C.

Rootkit

D.

IPchains

E.

War dialer

Question 23

Normally, RAM is used for temporary storage of data. Sometimes, however, RAM data is stored on the hard disk. What is this method called?

Options:

A.

Cache memory

B.

Static memory

C.

Virtual memory

D.

Volatile memory

Question 24

Your company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody?

Options:

A.

Preserve the email server including all logs.

B.

Make copies of that employee's email.

C.

Seize the employee's PC.

D.

Place spyware on the employee's PC to confirm these activities.

Question 25

Which of the following tools are used for footprinting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Sam spade

B.

Traceroute

C.

Whois

D.

Brutus

Question 26

Which of the following file systems cannot be used to install an operating system on the hard disk drive?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Windows NT file system (NTFS)

B.

High Performance File System (HPFS)

C.

Log-structured file system (LFS)

D.

Compact Disc File System (CDFS)

E.

Novell Storage Services (NSS)

Question 27

Which of the following types of evidence proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?

Options:

A.

Conclusive evidence

B.

Best evidence

C.

Hearsay evidence

D.

Direct evidence

Question 28

By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

By launching Social Engineering attack

B.

By launching Max Age attack

C.

Route table poisoning

D.

By launching Sequence++ attack

Question 29

The incident response team has turned the evidence over to the forensic team. Now it is time to begin looking for ways to improve the incident response process for next time. What are the typical areas for improvement?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Information dissemination policy

B.

Additional personnel security controls

C.

Incident response plan

D.

Electronic monitoring statement

Question 30

Adam works as a professional Computer Hacking Forensic Investigator with the local police of his area. He has been assigned a project to investigate a PDA seized from a local drug dealer. It is expected that much valuable and important information is stored in this PDA. Adam follows investigative methods, which must be performed in a pre-defined sequence for the successful forensic investigation of the PDA. Which of the following is the correct order in which to perform a forensic investigation of a PDA?

Options:

A.

Identification, Collection, Examination, Documentation

B.

Examination, Collection, Identification, Documentation

C.

Documentation, Examination, Identification, Collection

D.

Examination, Identification, Collection, Documentation

Question 31

Maria works as a professional Ethical Hacker. She recently got a project to test the security of Arrange the three pre-test phases of the attack to test the security of weare-secure.

Options:

A.

Question 32

Mark works as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. Mark installs a Checkpoint Firewall NGX on a SecurePlatform device. He performs a scheduled backup of his system settings and products configuration. Where are these backup files stored?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

SCP

B.

TFTP

C.

Locally on the SecurePlatform machine hard drive

D.

On a PC in a file named userC

Question 33

Which of the following is the Windows feature with which a PC user can perform file management?

Options:

A.

Activity Monitor

B.

Task Manager

C.

Windows Explorer

D.

Finder

Question 34

You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. You are configuring a wireless LAN on the network. You experience interference on your network. Through investigation, you come to know that three foreign WAPs are within the range of your LAN. Although they have different SSIDs than yours, they are working on the same channel as yours.

Which of the following steps will you take to reduce the interference?

Options:

A.

Configure the same SSID as the foreign networks.

B.

Install a router on your network.

C.

Change your WAP's channel.

D.

Install an external antenna.

Question 35

Which of the following provides high availability of data?

Options:

A.

RAID

B.

Anti-virus software

C.

EFS

D.

Backup

Question 36

Which of the following file systems provides integrated security?

Options:

A.

CDFS

B.

EFS

C.

HPFS

D.

FAT32

Question 37

Which utility enables you to access files from a Windows .CAB file?

Options:

A.

ACCESS.EXE

B.

WINZIP.EXE

C.

XCOPY.EXE

D.

EXTRACT.EXE

Question 38

This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as __________.

Options:

A.

Polymorphic virus

B.

Stealth virus

C.

Boot sector virus

D.

File virus

E.

Multipartite virus

Question 39

Which of the following diagnostic codes sent by POST to the internal port h80 refers to a system board error?

Options:

A.

200 to 299

B.

100 to 199

C.

400 to 499

D.

300 to 399

Question 40

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

Options:

A.

18 U.S.C. 1030

B.

18 U.S.C. 1362

C.

18 U.S.C. 2701

D.

18 U.S.C. 2510

E.

18 U.S.C. 1029

Question 41

In the United States, Title VII of the 1964 Civil Rights Act was formulated to protect an employee from discrimination on the basis of religion, color, race, national origin, and sex. This law makes discrimination in employment illegal. Which of the following was the original emphasis of the Act?

Options:

A.

Protect fundamental rights of an employee

B.

Equal position to all employees

C.

Protect women in the workplace

D.

Prevent child pornography

Question 42

John is a black hat hacker. The FBI arrested him while he was performing some email scams. Under which of the following US laws will John be charged?

Options:

A.

18 U.S.C. 2701

B.

18 U.S.C. 1030

C.

18 U.S.C. 1362

D.

18 U.S.C. 2510

Question 43

You are a professional Computer Hacking Forensic Investigator. You have been called to collect evidence of a buffer overflow or cookie snooping attack. Which of the following logs will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

System logs

B.

Event logs

C.

Web server logs

D.

Program logs

Question 44

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file, uses a tool called Image Hide to embed the secret file within an image file of the famous actress Jennifer Lopez, and sends it to his Yahoo mail ID. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

Options:

A.

Email spoofing

B.

Social engineering

C.

Steganography

D.

Web ripping

Question 45

Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

Options:

A.

Ntoskrnl.exe

B.

Win32k.sys

C.

Advapi32.dll

D.

Kernel32.dll

Question 46

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to configure a dial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensure that the password is encrypted during remote access?

Options:

A.

MSCHAP

B.

SPAP

C.

MSCHAP V2

D.

PAP

Question 47

Which of the following representatives of the incident response team takes forensic backups of the systems that are the focus of the incident?

Options:

A.

Technical representative

B.

Information security representative

C.

Legal representative

D.

Lead investigator
