GIAC GCFA GIAC Certified Forensics Analyst Exam Practice Test

Demo: 47 questions
Total 318 questions

GIAC Certified Forensics Analyst Questions and Answers

Question 1

Which of the following is used for remote file access by UNIX/Linux systems?

Options:

A. NetWare Core Protocol (NCP)

B. Common Internet File System (CIFS)

C. Server Message Block (SMB)

D. Network File System (NFS)

Question 2

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine the drive image of a compromised system, which is suspected to have been used in cyber crime. Adam uses Forensic Sorter to sort the contents of the hard drive into different categories. Which of the following types of image formats is NOT supported by Forensic Sorter?

Options:

A. PFR image file

B. iso image file

C. RAW image file

D. EnCase image file

Question 3

Which of the following statements about the HKEY_LOCAL_MACHINE registry hive is true?

Options:

A. It contains the user profile for the user who is currently logged on to the computer.

B. It contains information about the local computer system, including hardware and operating system data, such as bus type, system memory, device drivers, and startup control parameters.

C. It contains configuration data for the current hardware profile.

D. It contains data that associates file types with programs and configuration data for COM objects, Visual Basic programs, or other automation.

Question 4

Which of the following protocols allows computers on different operating systems to share files and disk storage?

Options:

A. Domain Name System (DNS)

B. Network File System (NFS)

C. Trivial File Transfer Protocol (TFTP)

D. Simple Network Management Protocol (SNMP)

Question 5

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

Options:

A. 18 U.S.C. 1030

B. 18 U.S.C. 1362

C. 18 U.S.C. 2701

D. 18 U.S.C. 2510

E. 18 U.S.C. 1029

Question 6

Joseph works as a Web Designer for WebTech Inc. He creates a Web site and wants to protect it from lawsuits. Which of the following steps will he take to accomplish the task?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Restrict the access to the site.

B. Restrict shipping in certain areas.

C. Restrict the transfer of information.

D. Restrict customers according to their locations.

Question 7

Which of the following NIST RA process steps has the goal to identify the potential threat-sources and compile a threat statement listing the potential threat-sources that are applicable to the IT system being evaluated?

Options:

A. Threat Identification

B. Vulnerability Identification

C. Impact Analysis

D. Control Analysis

Question 8

Which of the following commands is used to create or delete partitions on Windows XP?

Options:

A. Part

B. DISKPART

C. fdisk

D. Active

Question 9

Which of the following tools is used to locate lost files and partitions to restore data from a formatted, damaged, or lost partition in Windows and Apple Macintosh computers?

Options:

A. Easy-Undelete

B. File Scavenger

C. Recover4all Professional

D. VirtualLab

Question 10

Which of the following is used to authenticate asymmetric keys?

Options:

A. Password

B. Digital signature

C. MAC Address

D. Demilitarized zone (DMZ)

Question 11

Your network has a Windows 2000 Server computer with FAT file system, shared by several users.

This system stores sensitive data. You decide to encrypt this data to protect it from unauthorized access. You want to accomplish the following goals:

Data should be secure and encrypted.

Administrative efforts should be minimum.

You should have the ability to recover encrypted files in case the file owner leaves the company.

Other permissions on encrypted files should be unaffected.

File-level security is required on the disk where data is stored.

Encrypting or decrypting of files should not be the responsibility of the file owner.

You take the following steps to accomplish these goals:

Convert the FAT file system to Windows 2000 NTFS file system.

Use Encrypting File System (EFS) to encrypt data.

Which of the following goals will you be able to accomplish?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. File-level security is available on the disk where data is stored.

B. You have the ability to recover encrypted files in case the file owner leaves the company.

C. Encrypting or decrypting of files is no longer the responsibility of the file owner.

D. Data are secured and encrypted.

E. Administrative efforts are minimum.

F. Other permissions on encrypted files are unaffected.

Question 12

You are responsible for tech support at your company. You have been instructed to make certain that all desktops support file and folder encryption. Which file system should you use when installing Windows XP?

Options:

A. FAT

B. EXT4

C. FAT32

D. NTFS

Question 13

Which of the following tools is used to extract human understandable interpretation from the computer binary files?

Options:

A. FTK Imager

B. Word Extractor

C. FAU

D. Galleta

Question 14

John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He has performed the footprinting step and now he has enough information to begin scanning in order to detect active computers. He sends a ping request to a computer using ICMP type 13. What kind of ICMP message is John using to send the ICMP ping request message?

Options:

A. Address mask request

B. Echo request

C. Information request (obsolete)

D. Timestamp request (obsolete)

Question 15

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to query an image root device and RAM disk size. Which of the following Unix commands can you use to accomplish the task?

Options:

A. rdev

B. mount

C. setfdprm

D. rdump

Question 16

Which of the following provides high availability of data?

Options:

A. RAID

B. Anti-virus software

C. EFS

D. Backup

Question 17

Which of the following are the two different file formats in which Microsoft Outlook saves e-mail messages based on system configuration?

Each correct answer represents a complete solution. Choose two.

Options:

A. .pst

B. .xst

C. .txt

D. .ost

Question 18

Which of the following registry hives stores information about the file extensions that are mapped to their corresponding applications?

Options:

A. HKEY_CURRENT_USER

B. HKEY_USERS

C. HKEY_CLASSES_ROOT

D. HKEY_LOCAL_MACHINE

Question 19

Which of the following directories contains administrative commands on a UNIX computer?

Options:

A. /usr/local

B. /sbin

C. /bin

D. /export

Question 20

Which of the following files contains the salted passwords in the Linux operating system?

Options:

A. /bin/passwd

B. /etc/passwd

C. /bin/shadow

D. /etc/shadow

Question 21

Which of the following switches is used with Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

Options:

A. Pslist -m

B. Pslist -d

C. Pslist -x

D. Pslist -t

Question 22

John works as a Technical Support Executive in ABC Inc. The company's network consists of ten computers with Windows XP professional installed on all of them. John is working with a computer on which he has enabled hibernation. He shuts down his computer using hibernation mode. Which of the following will happen to the data after powering off the system using hibernation?

Options:

A. Data will be saved automatically before the system is switched off.

B. Data will be stored on the ROM.

C. Data will be saved before the system is switched off if you have configured hibernation to save data.

D. Unsaved data will be lost when hibernation switches off the system.

Question 23

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He enters the following command on the Linux terminal:

chmod 741 secure.c

Considering the above scenario, which of the following statements are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. By the octal representation of the file access permission, John is restricting the group members to only read the secure.c file.

B. The textual representation of the file access permission of 741 will be -rwxr--rw-.

C. John is restricting a guest to only write or execute the secure.c file.

D. John is providing all rights to the owner of the file.

Question 24

You work as a Network Administrator for Blue Well Inc. Your company's network has a Windows 2000 server with the FAT file system. This server stores sensitive data. You want to encrypt this data to protect it from unauthorized access. You also have to accomplish the following goals:

Data should be encrypted and secure.

Administrative effort should be minimum.

You should have the ability to recover encrypted files in case the file owner leaves the company.

Other permissions on encrypted files should be unaffected.

File-level security is required on the disk where data is stored.

Encryption or decryption of files should not be the responsibility of the file owner.

You take the following steps to accomplish these goals:

Convert the FAT file system to NTFS file system.

Use third-party data encryption software.

What will happen after taking these steps?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. File-level security will be available on the disk where data is stored.

B. Data will be encrypted and secure.

C. Encryption or decryption of files will no longer be the responsibility of the file owner.

D. Other permissions on encrypted files will remain unaffected.

E. Administrative effort will be minimum.

Question 25

Which of the following file systems are supported by Windows 2000 operating systems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. NTFS4

B. CDFS

C. FAT32

D. HPFS

E. NTFS5

Question 26

John works as a Network Security Professional. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. SARA

B. Snort

C. Tripwire

D. Samhain

Question 27

Which of the following precautionary steps are taken by supervisors or employers to avoid sexual harassment in the workplace?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Establish a complaint mechanism.

B. Communicate to an employee who is indulging in such behavior.

C. Contact the police and take legal action.

D. Immediately take action on the complaint.

Question 28

Which of the following files starts the initialization process in booting sequence of the Linux operating system?

Options:

A. /etc/sbin/init

B. /etc/inittab

C. /etc/rc/rc.local

D. /etc/rc/rc.sysinit

Question 29

Which of the following commands can you use to create an ext3 file system?

Each correct answer represents a complete solution. Choose two.

Options:

A. mke2fs

B. mkfs.ext3

C. mke2fs -j

D. mkfs.ext2

Question 30

Which of the following types of virus makes changes to a file system of a disk?

Options:

A. Master boot record virus

B. Stealth virus

C. Cluster virus

D. Macro virus

Question 31

When you start your computer, Windows operating system reports that the hard disk drive has bad sectors. What will be your first step in resolving this issue?

Options:

A. Run the FORMAT command from DOS prompt.

B. Replace the data cable of the hard disk drive.

C. Run DEFRAG on the hard drive.

D. Run SCANDISK with the Thorough option.

Question 32

Which status is a problem assigned when its cause has been recognized?

Options:

A. Incident

B. Request for Change

C. Known Error

D. Work-around

Question 33

Adam works as a professional Computer Hacking Forensic Investigator with the local police of his area. A project has been assigned to him to investigate a PDA seized from a local drug dealer. It is expected that much valuable and important information is stored in this PDA. Adam follows investigative methods, which must be performed in a pre-defined sequential manner for the successful forensic investigation of the PDA. Which of the following is the correct order to perform a forensic investigation of a PDA?

Options:

A. Identification, Collection, Examination, Documentation

B. Examination, Collection, Identification, Documentation

C. Documentation, Examination, Identification, Collection

D. Examination, Identification, Collection, Documentation

Question 34

Which of the following tools can be used to perform tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing?

Options:

A. John the Ripper

B. L0phtcrack

C. Obiwan

D. Cain

Question 35

Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist. Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using?

Options:

A. Wipe MASSter

B. ImageMASSter 4002i

C. ImageMASSter Solo-3

D. FireWire DriveDock

Question 36

Which of the following prevents malicious programs from attacking a system?

Options:

A. Anti-virus program

B. Smart cards

C. Biometric devices

D. Firewall

Question 37

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?

Options:

A. Ethercap

B. Tripwire

C. Hunt

D. IPChains

Question 38

You are handling technical support calls for an insurance company. A user calls you complaining that he cannot open a file, and that the file name appears in green while opening in Windows Explorer.

What does this mean?

Options:

A. The file is encrypted.

B. The file belongs to another user.

C. The file is infected with virus.

D. The file is compressed.

Question 39

You work as a Network Administrator for Net World International. You have configured the hard disk drive of your computer as shown in the image below:

The computer is configured to dual-boot with Windows 2000 Server and Windows 98. While working on Windows 2000 Server, you save a file on the 6GB partition. You are unable to find the file while working on Windows 98. You are not even able to access the partition on which the file is saved. What is the most likely cause?

Options:

A. The file is corrupt.

B. The 6GB partition is corrupt.

C. Windows 98 does not support the NTFS file system.

D. Files saved in Windows 98 are not supported by Windows 2000.

Question 40

Which of the following statements are NOT true about volume boot record or Master Boot Record?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. The end of MBR marker is h55CC.

B. The actual program can be 512 bytes long.

C. Volume boot sector is present at cylinder 0, head 0, and sector 1 of the default boot drive.

D. Four 16 bytes master partition records are present in MBR.

Question 41

Which of the following types of evidence proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?

Options:

A. Conclusive evidence

B. Best evidence

C. Hearsay evidence

D. Direct evidence

Question 42

You work as a Network Administrator for Peach Tree Inc. The company currently has a FAT-based Windows NT network. All client computers run Windows 98. The management wants all client computers to be able to boot in Windows XP Professional. You want to accomplish the following goals:

The file system should support file compression and file level security.

All the existing data and files can be used by the new file system.

Users should be able to dual-boot their computers.

You take the following steps to accomplish these goals:

Convert the FAT file system to NTFS using the CONVERT utility.

Install Windows XP and choose to upgrade the existing operating system during setup.

Which of the following goals will you be able to accomplish?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. The file system supports file compression and file level security.

B. All the existing data and files can be used by the new file system.

C. Users are able to dual-boot their computers.

D. None of the goals are accomplished.

Question 43

Which of the following directories in the Linux operating system contains device files, which refer to physical devices?

Options:

A. /boot

B. /etc

C. /dev

D. /bin

Question 44

Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

Options:

A. Digital certificates

B. Public key

C. RSA

D. Twofish

Question 45

Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging into individual users account or specific projects and compile detailed accounts of time spent within each program. Which of the following functions are NOT performed by Visual TimeAnalyzer?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It monitors all user data such as passwords and personal documents.

B. It gives parents control over their children's use of the personal computer.

C. It tracks work time, pauses, projects, costs, software, and internet usage.

D. It records specific keystrokes and run screen captures as a background process.

Question 46

Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with the project of investigating an iPod, which is suspected to contain some explicit material. Adam wants to connect the compromised iPod to his system, which is running on Windows XP (SP2) operating system. He doubts that connecting the iPod with his computer may change some evidences and settings in the iPod. He wants to set the iPod to read-only mode. This can be done by changing the registry key within the Windows XP (SP2) operating system. Which of the following registry keys will Adam change to accomplish the task?

Options:

A. HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\StorageDevicePolicies

B. HKEY_LOCAL_MACHINE\CurrentControlset\Control\StorageDevicePolicies

C. HKEY_LOCAL_MACHINE\System\CurrentControlset\StorageDevicePolicies

D. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

Question 47

Which of the following is the initiative of United States Department of Justice, which provides state and local law enforcement agencies the tools to prevent Internet crimes against children, and catches the distributors of child pornography on the Internet?

Options:

A. Innocent Images National Initiative (IINI)

B. Internet Crimes Against Children (ICAC)

C. Project Safe Childhood (PSC)

D. Anti-Child Porn.org (ACPO)
