GCFA GIAC Practice Test Questions and Exam Dumps


Question No 1:

Which of the following tools are used for footprinting? Each correct answer represents a complete solution. Choose all that apply.

A. Sam Spade
B. Traceroute
C. Whois
D. Brutus

Answer: A, B, C

Explanation:

Footprinting is the process of gathering information about a target system or network in order to understand its structure, the technologies used, and potentially its vulnerabilities. The goal of footprinting is often to gather information that can be used to facilitate further penetration testing or other security assessments. Let’s review the tools in question:

Option A – Sam Spade:
Sam Spade is a widely used network tool that provides multiple utilities for information gathering, including features that can help with footprinting. It allows users to query domain names, search for information about IP addresses, and perform other types of reconnaissance that are essential to footprinting. This makes A a correct answer.

Option B – Traceroute:
Traceroute is a networking tool used to trace the path that a packet takes from the source to the destination over the internet. It can help identify the routing path, including intermediate hops (such as routers or other network devices). This tool is useful for footprinting because it helps gather network information, including the IP addresses and geographical locations of network devices along the route. Hence, B is a valid choice for footprinting.

Option C – Whois:
Whois is a well-known tool used to query databases that store information about registered domain names and IP address allocations. This tool provides valuable data during footprinting, such as the domain owner’s contact information, name servers, and the registrant’s geographical location. It is a fundamental tool for footprinting to gather details about the target’s domain and related entities. Therefore, C is also a correct answer.

Option D – Brutus:
Brutus is a password-cracking tool, not specifically a footprinting tool. It is used to perform brute-force attacks on password-protected systems. Although Brutus can be useful for penetration testing and security auditing, it is not used for gathering network or system information in the context of footprinting. Therefore, D is not a correct answer.

In summary, the tools used for footprinting are A (Sam Spade), B (Traceroute), and C (Whois). These tools help gather essential information about the target network or system that can be used in subsequent security assessments. D (Brutus) is not a tool for footprinting and is therefore excluded from the correct answers.

Question No 2:

Which of the following viruses can infect the MBR (Master Boot Record) of a hard disk? Each correct answer represents a complete solution. Choose two.

A Stealth
B Boot sector
C Multipartite
D File

Correct Answer: B and C

Explanation:

The Master Boot Record (MBR) is a crucial component of a hard disk, located at the very beginning of the disk. It contains the boot loader, which is responsible for loading the operating system when the system starts. Due to its essential role in system booting, the MBR is a prime target for certain types of viruses, which can infect and compromise the system at the very start of the boot process. Let’s review each virus type to understand which ones can infect the MBR:

  • A Stealth: A stealth virus is designed to hide its presence from the user and from antivirus software. It typically works by intercepting and modifying the way data is viewed by the system, making it appear that no virus is present. However, stealth viruses do not specifically target the MBR. They may operate in the background, infecting files or other areas of the system, but they do not typically alter the MBR directly. Therefore, stealth viruses are not known to infect the MBR.

  • B Boot sector: A boot sector virus specifically targets the boot sector of a hard disk or removable media. The boot sector is part of the MBR and contains the code that is executed during the boot process. A boot sector virus infects the MBR and can modify the boot loader to launch the virus whenever the system boots. This is a direct infection of the MBR, making B a correct answer.

  • C Multipartite: A multipartite virus is a hybrid type of virus that can infect multiple areas of the system. It is capable of infecting the MBR as well as other parts of the system, such as files or programs. The multipartite virus’s ability to infect multiple system components means it can compromise both the MBR and other areas, including executable files. As a result, C is also a correct answer, as multipartite viruses can target the MBR.

  • D File: A file virus infects executable files and is typically spread by attaching itself to programs. These viruses do not usually target the MBR, as they focus on infecting files that are executed during normal operation. Since the file virus does not interfere with the MBR or boot process, D is not a correct answer.

In conclusion, the two types of viruses that can infect the MBR of a hard disk are B Boot sector and C Multipartite. These viruses specifically target the boot records, and by doing so, they can compromise the system right from the start of the boot process. B and C are the correct answers because they are capable of infecting the MBR and impacting the boot process, unlike the other types of viruses.
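For the defender, the practical counterpart of the explanation above is checking whether the MBR's boot code has changed. The sketch below is an added example, not part of the original question set. It parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and compares the boot-code hash with a known-good baseline; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                     # bytes 0-445 hold the boot loader code
ENTRY_FMT = "<B3xB3xII"                 # status, (CHS), type, (CHS), LBA start, sector count
ENTRY_LEN = struct.calcsize(ENTRY_FMT)  # 16 bytes per entry, four entries
SIGNATURE = b"\x55\xaa"                 # bytes 510-511


def parse_mbr(sector):
    """Split a 512-byte MBR into a boot-code hash and its used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 0x55AA not found")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype == 0x00:               # unused slot
            continue
        partitions.append({"slot": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means nothing unexpected was seen."""
    findings = []
    mbr = parse_mbr(sector)
    if mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    for part in mbr["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append(f"slot {part['slot']}: invalid status byte {part['status']:#04x}")
    if sum(p["status"] == 0x80 for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_mbr(boot_code):
    """Constructed test sector: one active FAT32 (0x0B) partition starting at LBA 63."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x0B, 63, 83886017)
    table = entry + bytes(ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Constructed placeholder bytes, not real boot loader code.
CLEAN_MBR = build_sample_mbr(b"CONSTRUCTED-CLEAN-LOADER")
ALTERED_MBR = build_sample_mbr(b"CONSTRUCTED-ALTERED-LOADER")
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    print("clean  :", check_mbr(CLEAN_MBR, BASELINE))
    print("altered:", check_mbr(ALTERED_MBR, BASELINE))
```

In practice the sector would come from a forensic image or a read-only acquisition of the first 512 bytes of the disk, and the baseline from a trusted copy taken when the system was known to be clean.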

Question No 3:

Which of the following file systems provides file-level security?

A. CDFS
B. FAT
C. FAT32
D. NTFS

Correct answer: D

Explanation:

File-level security refers to the ability of a file system to control access to files and directories based on permissions, ensuring that only authorized users or groups can access or modify specific files. Among the listed file systems, NTFS (New Technology File System) is the only one that provides file-level security, allowing for detailed permissions management for users and groups.

Let’s examine the options in more detail:

  • A. CDFS (Compact Disc File System): CDFS is used primarily for optical media like CDs and DVDs. While it allows reading and writing data on these media, it does not support file-level security. The main focus of CDFS is on providing access to files on compact discs, and it doesn’t have the built-in security mechanisms like NTFS does. Therefore, it does not offer file-level security.

  • B. FAT (File Allocation Table): FAT is an older file system used primarily in DOS and earlier versions of Windows. It is simple and widely compatible but lacks the ability to provide file-level security. FAT does not support permissions for users or groups, meaning all users have the same level of access to files. Thus, FAT does not provide file-level security.

  • C. FAT32: FAT32 is an enhanced version of FAT, supporting larger disk sizes and files than the original FAT file system. However, like FAT, it still does not include any native file-level security. While it provides a simple and compatible structure for storing files, it does not have access control mechanisms to manage who can read or write to specific files or directories. Therefore, it does not offer file-level security.

  • D. NTFS (New Technology File System): NTFS is the modern file system used in Windows operating systems, and it does provide file-level security. NTFS allows users to set permissions on files and folders, enabling administrators to specify who can read, write, execute, or modify a file. NTFS supports Access Control Lists (ACLs), which enable granular control over file and folder permissions. This is the primary file system that provides security features in Windows, making it the correct answer.

Therefore, the correct answer is D, as NTFS is the only file system listed that provides file-level security through permissions and access control mechanisms.

Question No 4:

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

A Snooping
B Copyright
C Utility model
D Patent

Correct answer: D

Explanation:

This question focuses on intellectual property rights, specifically the legal protections granted to inventors for their innovations. The correct answer here involves understanding the type of protection granted for inventions.

A patent is a legal right granted by a government to an inventor, allowing them to exclude others from making, using, or selling their invention for a specified period, typically 20 years from the filing date, in exchange for the public disclosure of the invention. Patents are designed to encourage innovation by providing inventors with the opportunity to profit from their ideas while simultaneously sharing knowledge with the public to spur further advancements.

Let’s analyze the options:

A Snooping refers to unauthorized or secretive surveillance or observation, often for malicious purposes. It is not related to any form of intellectual property protection and is irrelevant to the context of this question.

B Copyright is a form of intellectual property protection granted to the creators of original works of authorship, such as literary, musical, and artistic works. Copyright does not apply to inventions or ideas but rather to creative expressions, which makes it incorrect in this context.

C A utility model is similar to a patent but generally provides a shorter term of protection (often 6 to 10 years) and is available for inventions that may not meet the stricter patentability requirements, such as novelty or inventiveness. It is still a form of intellectual property protection for inventions, but it is not the same as a patent, which is typically considered the most comprehensive and widely recognized protection for inventions.

D A patent is the correct answer because it is the exclusive right granted by a state to an inventor (or their assignee) for a set period of time, generally in exchange for public disclosure of the invention. The patent system encourages innovation by rewarding inventors with the exclusive right to exploit their invention for a fixed time.

Thus, the correct answer is D, as it directly addresses the exclusive rights granted for inventions.

Question No 5:

Fill in the blank with the appropriate name. ______ specifies the order of volatility of data in a Windows-based system.

A. RFC 3227

Correct Answer: A

Explanation:

RFC 3227 is a specification that provides guidelines on the order of volatility of data, which is particularly important when conducting forensic analysis or incident response in a Windows-based system. The order of volatility refers to the priority in which data should be collected from a system to preserve evidence for later analysis. More volatile data, such as data in memory, should be collected first, as it can be easily overwritten or lost.

In the context of Windows-based systems, RFC 3227 outlines a structured approach for prioritizing the collection of data, ensuring that the most transient data (e.g., system memory or network connections) is captured before less volatile data (e.g., disk storage). This is crucial because volatile data can disappear quickly during system shutdowns or restarts, making it a priority for investigators to capture first.

Thus, RFC 3227 is the correct reference when discussing the order of volatility of data in Windows systems.

Question No 6:

John works for an Internet Service Provider (ISP) in the United States. He discovered child pornography material on a Web site hosted by the ISP. John immediately informed law enforcement authorities about this issue. 

Under which of the following Acts is John bound to take such an action?

A. Civil Rights Act of 1991
B. PROTECT Act
C. Civil Rights Act of 1964
D. Sexual Predators Act

Answer: B

Explanation:

The correct answer is the PROTECT Act. This is a federal law designed to prevent child exploitation and protect children from sexual exploitation. The PROTECT Act (The Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today Act of 2003) includes provisions that require individuals, including those working for Internet Service Providers (ISPs), to report the discovery of child pornography to law enforcement authorities.

The key provision of this Act makes it a criminal offense for a person who knows of child pornography being distributed or hosted through a communication service, such as an ISP, and does not report it. This means that John is legally bound by the PROTECT Act to immediately report the discovery of child pornography to law enforcement authorities. By taking this action, he is fulfilling the legal requirement under the law to prevent further exploitation and assist in the prosecution of those responsible.

Here’s why the other options are not correct:

  • A. Civil Rights Act of 1991: The Civil Rights Act of 1991 primarily focuses on discrimination and employment practices, particularly in relation to race, color, religion, sex, or national origin. It has no direct connection to the reporting of child pornography or the requirements for ISPs to notify law enforcement about illegal content.

  • C. Civil Rights Act of 1964: The Civil Rights Act of 1964 is a landmark U.S. law that primarily focuses on prohibiting discrimination based on race, color, religion, sex, or national origin. It addresses civil rights protections in areas like employment, education, and public accommodations but does not address the issue of reporting child pornography or related actions by ISPs.

  • D. Sexual Predators Act: The Sexual Predators Act is often associated with laws meant to track and manage the registration of sex offenders. While it is concerned with sexual crimes, it does not specifically mandate that individuals or ISPs report child pornography to law enforcement authorities like the PROTECT Act does.

In summary, the PROTECT Act is the law that mandates reporting the discovery of child pornography to authorities, which is the action that John took. The law serves to protect children by ensuring that those who come across such materials act promptly and responsibly by reporting it to the proper authorities.

Question No 7:

Which of the following file systems contains hardware settings of a Linux computer?

A /var
B /etc
C /proc
D /home

Correct answer: C

Explanation:

In a Linux system, various directories and files serve different purposes, especially when it comes to system configuration and hardware settings. Let’s analyze each option to determine which one contains hardware settings:

A. /var
The /var directory is used to store variable data, such as logs, spool files, and temporary files. While it is essential for system operation, it does not contain hardware settings. This directory is generally used for files that are expected to grow in size over time (e.g., log files).

B. /etc
The /etc directory is primarily used for system-wide configuration files. It stores important configuration files for software applications and system settings, but not hardware-related settings. Files such as /etc/fstab (for mounting file systems) and /etc/network/interfaces (for network configuration) are found here, but it doesn't directly manage hardware settings.

C. /proc
The /proc directory is a special virtual file system that provides access to kernel and process information. It contains a wealth of real-time data about the system's hardware and kernel. Specifically, /proc contains files like /proc/cpuinfo (CPU information), /proc/meminfo (memory information), and /proc/partitions (disk partitions). It is a crucial location for monitoring and interacting with the hardware settings and current system state. Therefore, /proc is the correct answer.

D. /home
The /home directory is where user-specific data and configuration files are stored. Each user has a subdirectory within /home to store personal files. It does not contain hardware or system configuration files, so it is not relevant to this question.

Therefore, the correct answer is C, /proc, as it contains hardware-related information about the Linux system.
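The three /proc files named above can be parsed into a small hardware summary, for example as part of a live-response snapshot. This is an added example, not part of the original question set. The sample file contents are constructed so the code runs offline, and `hardware_summary` and its `root` parameter are illustrative names; pass `root="/proc"` on a Linux host to read the live files.

```python
from pathlib import Path

# Constructed sample contents in the layout of the real /proc files.
SAMPLE_PROC = {
    "cpuinfo": ("processor\t: 0\nvendor_id\t: GenuineIntel\n"
                "model name\t: Example CPU @ 2.00GHz\n\n"
                "processor\t: 1\nvendor_id\t: GenuineIntel\n"
                "model name\t: Example CPU @ 2.00GHz\n"),
    "meminfo": "MemTotal:        8000000 kB\nMemFree:         2000000 kB\n",
    "partitions": ("major minor  #blocks  name\n\n"
                   "   8        0   41943040 sda\n"
                   "   8        1   41942016 sda1\n"),
}


def read_proc(name, root=None):
    """Return the text of a /proc file, or the constructed sample when root is None."""
    if root is None:
        return SAMPLE_PROC[name]
    return (Path(root) / name).read_text()


def parse_cpuinfo(text):
    """One dict per logical CPU; blocks are separated by blank lines."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cpus.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def parse_meminfo(text):
    """Map each field name to its integer value (kB for the size fields)."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        parts = value.split()
        if parts:
            fields[key.strip()] = int(parts[0])
    return fields


def parse_partitions(text):
    """Rows after the header: major, minor, size in 1 KiB blocks, device name."""
    rows = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) == 4:
            rows.append({"major": int(cols[0]), "minor": int(cols[1]),
                         "blocks_kib": int(cols[2]), "name": cols[3]})
    return rows


def hardware_summary(root=None):
    cpus = parse_cpuinfo(read_proc("cpuinfo", root))
    mem = parse_meminfo(read_proc("meminfo", root))
    parts = parse_partitions(read_proc("partitions", root))
    return {"cpu_count": len(cpus),
            "cpu_model": cpus[0].get("model name") if cpus else None,
            "mem_total_kb": mem.get("MemTotal"),
            "block_devices": {p["name"]: p["blocks_kib"] for p in parts}}


if __name__ == "__main__":
    print(hardware_summary())
```

Because /proc is generated by the kernel at read time, the output reflects the system only at the moment of collection.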

Question No 8:

What file system should you choose to configure a dual-boot setup between Windows Me and Windows XP Professional on a single 40GB hard disk?

A NTFS
B FAT32
C CDFS
D FAT

Correct answer: B

Explanation:

When configuring a dual-boot system with Windows Me and Windows XP Professional, it's essential to choose a file system that is compatible with both operating systems. Here’s a breakdown of the file systems in the context of dual-booting:

  • A. NTFS: NTFS (New Technology File System) is the default file system used by modern versions of Windows, including Windows XP Professional. NTFS is a more advanced and secure file system that supports larger file sizes, better security features, and higher performance. However, Windows Me does not support NTFS. While you could install Windows XP on a partition formatted with NTFS, Windows Me would not be able to read or write to that partition, which would create a problem in a dual-boot setup.

  • B. FAT32: FAT32 (File Allocation Table 32) is a file system that is supported by both Windows Me and Windows XP. Windows Me can read and write to FAT32 file systems, and Windows XP can also use FAT32 partitions, although it is more commonly used with NTFS. Choosing FAT32 allows both operating systems to access the same partition, which is critical for a functional dual-boot setup. FAT32 also supports partitions of up to 2TB, which is more than sufficient for a 40GB hard drive.

  • C. CDFS: CDFS (Compact Disc File System) is used for CD-ROMs and DVDs, not for hard disk drives. It cannot be used for the installation of an operating system or for dual-booting. This is not a suitable choice for configuring a dual-boot system.

  • D. FAT: The original FAT file systems (FAT12, FAT16) are older and have limitations on partition size and file size. While FAT16 was commonly used with older versions of Windows, it has significant limitations (e.g., FAT16 supports only up to 2GB partitions). In modern systems, FAT32 is preferred over FAT16 as it provides better support for larger drives and files.

Therefore, the best choice for enabling a dual-boot system between Windows Me and Windows XP Professional on a single 40GB hard disk is B (FAT32). It is the file system that both operating systems can read and write, ensuring compatibility and proper functionality in a dual-boot environment.

Question No 9:

Which of the following file systems cannot be used to install an operating system on the hard disk drive? (Choose two.)

A Windows NT file system (NTFS)
B High Performance File System (HPFS)
C Log-structured file system (LFS)
D Compact Disc File System (CDFS)
E Novell Storage Services (NSS)

Answer: C, D

Explanation:

When installing an operating system on a hard disk drive, the file system must be one that can support the structure required for both the OS and its applications, files, and system resources. Let's break down each file system to determine which cannot be used for this purpose:

A. Windows NT file system (NTFS):
NTFS is a commonly used file system on Windows operating systems. It is fully capable of supporting the installation of an operating system on a hard disk drive, making it a viable option for OS installations. Therefore, A is not correct.

B. High Performance File System (HPFS):
HPFS was originally used by the OS/2 operating system. While it is not as common today, it is still capable of supporting the installation of an operating system on a hard disk drive. It is just more dated and has been largely replaced by newer file systems. Nonetheless, it can be used for OS installations, so B is not correct.

C. Log-structured file system (LFS):
The Log-structured file system (LFS) is designed primarily for write-optimized storage systems, where data is written sequentially rather than being overwritten. This makes it less suitable for operating system installations because it does not provide the same level of structure and performance needed for the OS. It is more commonly used in specialized applications like database systems or certain types of storage systems, not general-purpose OS installations. Therefore, C is correct.

D. Compact Disc File System (CDFS):
CDFS is a file system used for reading data from compact discs (CDs) and is not designed to support the installation of an operating system on a hard disk drive. While it allows for the reading of files on a CD, it cannot be used as a primary file system for installing an OS, as it lacks the necessary write capabilities and optimizations for hard drive installations. Therefore, D is correct.

E. Novell Storage Services (NSS):
NSS is a file system used by Novell's NetWare and Open Enterprise Server (OES). It is capable of supporting the installation of an operating system, particularly in environments where NetWare or OES is used. Therefore, E is not correct.

To summarize, the file systems that cannot be used to install an operating system on the hard disk drive are C (Log-structured file system) and D (Compact Disc File System), as they are not designed for general-purpose OS installation.

Question No 10:

Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging into individual users' accounts or specific projects and compile detailed accounts of time spent within each program. 

Which of the following functions are NOT performed by Visual TimeAnalyzer? Each correct answer represents a complete solution. Choose all that apply.

A. It monitors all user data such as passwords and personal documents.
B. It gives parents control over their children's use of the personal computer.
C. It tracks work time, pauses, projects, costs, software, and internet usage.
D. It records specific keystrokes and runs screen captures as a background process.

Correct answers: A and D

Explanation:

Visual TimeAnalyzer is a software tool primarily designed to monitor and log computer usage in a professional setting, such as in a business or forensic context. It is often used by organizations to track employee activity, project usage, and time spent on various software and internet activities. However, it does not focus on activities like monitoring private personal data or capturing sensitive information without consent.

Let’s go through each option:

  • A. It monitors all user data such as passwords and personal documents.
    This is not a function of Visual TimeAnalyzer. The tool is designed to track work-related activities such as time spent on software, internet usage, and project details. It does not monitor or capture personal user data like passwords or personal documents. Monitoring such data would be more aligned with malicious spyware or keylogging software, which Visual TimeAnalyzer is not intended to be. Therefore, A is correct.

  • B. It gives parents control over their children's use of the personal computer.
    This is a function that some computer monitoring software offers, such as parental control software. However, Visual TimeAnalyzer is generally used in a business or forensic context and is not designed for parental control. It is primarily for tracking work activities rather than controlling personal computer usage in a household setting. This option is not correct in the context of Visual TimeAnalyzer.

  • C. It tracks work time, pauses, projects, costs, software, and internet usage.
    This is correct and a primary function of Visual TimeAnalyzer. It is designed to track work-related activities, including the time spent on different projects, software usage, and internet browsing. This feature is central to the tool’s function in a business or investigative environment. Therefore, C is not correct (it does perform this function).

  • D. It records specific keystrokes and runs screen captures as a background process.
    Visual TimeAnalyzer does not record keystrokes or take screenshots of a user's activities. This type of activity would typically be associated with keylogging or spyware software. Visual TimeAnalyzer focuses on logging time spent in various applications, monitoring user activities related to projects, and other work-related tracking, but it does not perform covert activities like recording keystrokes or capturing screen content in the background. Therefore, D is correct.

Thus, A and D are the correct answers, as they describe activities not performed by Visual TimeAnalyzer.

