
Pass the GIAC Forensics GCFA Questions and answers with ExamsMirror

Viewing page 6 out of 10 pages
Viewing questions 51-60 out of questions
Questions # 51:

Which of the following types of evidence is considered the best evidence?

Options:

A. The original document

B. A copy of the original document

C. A computer-generated record

D. Information gathered through the witness's senses

Questions # 52:

Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Options:

A. Data diddling

B. Spoofing

C. Eavesdropping

D. Wiretapping

Questions # 53:

Fill in the blank with the appropriate file system.

Alternate Data Streams (ADS) is a feature of the _____ file system, which allows more than one data stream to be associated with a filename.

Options:

A. NTFS

Questions # 54:

Adam, a malicious hacker, hides a hacking tool from a system administrator of his company by using the Alternate Data Streams (ADS) feature. Which of the following statements is true in the context of the above scenario?

Options:

A. Alternate Data Streams is a feature of the Linux operating system.

B. Adam is using the FAT file system.

C. Adam is using the NTFS file system.

D. Adam's system runs on the Microsoft Windows 98 operating system.

Questions # 55:

Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Options:

A. Copyright

B. Utility model

C. Cookie

D. Trade secret

Questions # 56:

You are responsible for all computer security at your company. This includes initial investigation into alleged unauthorized activity. Which of the following are possible results of improperly gathering forensic evidence in an alleged computer crime by an employee?

Each correct answer represents a complete solution. Choose three.

Options:

A. Your company is sued for defaming the character of an accused party.

B. You falsely accuse an innocent employee.

C. Your company is unable to pursue the case against a perpetrator.

D. You are charged with criminal acts.

Questions # 57:

Which of the following cryptographic methods are used in EnCase to ensure the integrity of the data acquired for the investigation?

Each correct answer represents a complete solution. Choose two.

Options:

A. MD5

B. CRC

C. HAVAL

D. Twofish

Questions # 58:

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to print the super block and block group information for the filesystem present on a system.

Which of the following Unix commands can you use to accomplish the task?

Options:

A. e2fsck

B. dump

C. e2label

D. dumpe2fs

Questions # 59:

Adrian, the Network Administrator for Peach Tree Inc., wants to install a new computer on the company's network. He asks his assistant to make a boot disk with minimum files. The boot disk will be used to boot the computer, which does not have an operating system installed yet. Which of the following files will he include on the disk?

Options:

A. IO.SYS, MSDOS.SYS, COMMAND.COM, and AUTOEXEC.BAT.

B. IO.SYS, MSDOS.SYS, and COMMAND.COM.

C. IO.SYS, MSDOS.SYS, COMMAND.COM, and CONFIG.SYS.

D. IO.SYS, MSDOS.SYS, COMMAND.COM, and FDISK.

Questions # 60:

Which of the following tools works by using a standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?

Options:

A. DriveSpy

B. Ontrack

C. Forensic Sorter

D. Device Seizure
