GIAC Certified Forensics Analyst v6.0 (GCFA)

Page:    1 / 22   
Total 318 questions

Mark is the Administrator of a Linux computer. He wants to check the status of failed Telnet-based login attempts on the Linux computer. Which of the following shell commands will he use to accomplish the task?

  • A. GREP
  • B. CP
  • C. FSCK
  • D. CAT


Answer : A

Which of the following modules of the OS X kernel (XNU) provides the primary system program interface?

  • A. BSD
  • B. LIBKERN
  • C. I/O Toolkit
  • D. Mach


Answer : A

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. History folder
  • B. Temporary Internet Folder
  • C. Download folder
  • D. Cookies folder


Answer : A,B,D

Adam, a malicious hacker, has successfully gained unauthorized access to the Linux system of Umbrella Inc. The company's web server runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting:

    for (( i = 0;i<11;i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda done

Which of the following actions does Adam want to perform by the above command?

  • A. Making a bit stream copy of the entire hard disk for later download.
  • B. Deleting all log files present on the system.
  • C. Wiping the contents of the hard disk with zeros.
  • D. Infecting the hard disk with polymorphic virus strings.


Answer : C

Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist. Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hashes while capturing the data. Which of the following tools is Adam using?

  • A. Wipe MASSter
  • B. ImageMASSter 4002i
  • C. ImageMASSter Solo-3
  • D. FireWire DriveDock


Answer : C

Which of the following attacks saturates network resources and disrupts services to a specific computer?

  • A. Teardrop attack
  • B. Polymorphic shell code attack
  • C. Denial-of-Service (DoS) attack
  • D. Replay attack


Answer : C

Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

  • A. Spoofing
  • B. File integrity auditing
  • C. Reconnaissance
  • D. Shoulder surfing


Answer : B

Which of the following is the initiative of United States Department of Justice, which provides state and local law enforcement agencies the tools to prevent Internet crimes against children, and catches the distributors of child pornography on the Internet?

  • A. Innocent Images National Initiative (IINI)
  • B. Internet Crimes Against Children (ICAC)
  • C. Project Safe Childhood (PSC)
  • D. Anti-Child Porn.org (ACPO)


Answer : B

TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?

  • A. Solaris
  • B. Red Hat
  • C. Knoppix
  • D. Windows


Answer : D

Which of the following is a file management tool?

  • A. Defrag
  • B. MSCONFIG
  • C. Device Manager
  • D. Windows Explorer


Answer : D

Normally, RAM is used for temporary storage of data, but sometimes RAM data is stored on the hard disk. What is this method called?

  • A. Cache memory
  • B. Static memory
  • C. Virtual memory
  • D. Volatile memory


Answer : C

Which of the following file systems supports the hot fixing feature?

  • A. FAT16
  • B. exFAT
  • C. FAT32
  • D. NTFS


Answer : D

Which of the following types of file systems is not supported by the Linux kernel?

  • A. vFAT
  • B. NTFS
  • C. HFS
  • D. FAT32


Answer : D

Which of the following is a correct sequence of the different layers of the Open System Interconnection (OSI) model?

  • A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer
  • B. Application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer
  • C. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer
  • D. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer


Answer : C

By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers?
Each correct answer represents a complete solution. Choose all that apply.

  • A. By launching Social Engineering attack
  • B. By launching Max Age attack
  • C. Route table poisoning
  • D. By launching Sequence++ attack


Answer : B,C,D
