
Pass the GIAC Forensics GCFA Questions and answers with ExamsMirror

Viewing page 7 out of 10 pages
Viewing questions 61-70 out of questions
Questions # 61:

Which of the following types of firewall ensures that the packets are part of the established session?

Options:

A. Application-level firewall

B. Circuit-level firewall

C. Stateful inspection firewall

D. Switch-level firewall

Questions # 62:

In which of the following security tests does the security testing team simulate an employee or other person with an authorized connection to the organization's network?

Options:

A. Remote network

B. Remote dial-up network

C. Stolen equipment

D. Local network

Questions # 63:

Which of the following tools are used to determine the hop counts of an IP packet?

Each correct answer represents a complete solution. Choose two.

Options:

A. Netstat

B. TRACERT

C. IPCONFIG

D. Ping

Questions # 64:

Which of the following statements about the NTDETECT.COM file are true?

Each correct answer represents a complete solution. Choose three.

Options:

A. It is used to gather information about currently installed hardware on the computer.

B. It is a startup file of the Windows NT/2000 operating system.

C. It is located in the root of the startup disk.

D. It is used to dual-boot a computer.

Questions # 65:

Which of the following statements is NOT true about file slack space in the Windows operating system?

Options:

A. File slack may contain data from the memory of the system.

B. Large cluster size will decrease the volume of the file slack.

C. File slack is the space that exists between the end of the file and the end of the last cluster.

D. It is possible to find user names, passwords, and other important information in slack.

Questions # 66:

You are a professional Computer Hacking Forensic Investigator. You have been called to collect evidence of a buffer overflow or cookie snooping attack. Which of the following logs will you review to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. System logs

B. Event logs

C. Web server logs

D. Program logs

Questions # 67:

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. Which of the following commands will John use to display information about all mounted file systems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. du

B. ls

C. df

D. df -m

Questions # 68:

Your network has a Windows 2000 Server computer with FAT file system, shared by several users. This system stores sensitive data. You decide to encrypt this data to protect it from unauthorized access. You want to accomplish the following goals:

Data should be secure and encrypted.

Administrative efforts should be minimum.

You should have the ability to recover encrypted files in case the file owner leaves the company.

Other permissions on encrypted files should be unaffected.

File-level security is required on the disk where data is stored.

Encrypting or decrypting of files should not be the responsibility of the file owner.

You take the following steps to accomplish these goals:

Convert the FAT file system to Windows 2000 NTFS file system.

Use Encrypting File System (EFS) to encrypt data.

Which of the following goals will you be able to accomplish?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. File-level security is available on the disk where data is stored.

B. You have the ability to recover encrypted files in case the file owner leaves the company.

C. Encrypting or decrypting of files is no longer the responsibility of the file owner.

D. Data are secured and encrypted.

E. Administrative efforts are minimum.

F. Other permissions on encrypted files are unaffected.

Questions # 69:

Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned his first project. Adam collected all required evidence and clues. He is now required to write an investigative report to present before the court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. All ideas present in the investigative report should flow logically from facts to conclusions.

B. There should not be any assumptions made about any facts while writing the investigative report.

C. Opinion of a lay witness should be included in the investigative report.

D. The investigative report should be understandable by any reader.

Questions # 70:

Which of the following tools is used to extract a human-understandable interpretation from computer binary files?

Options:

A. FTK Imager

B. Word Extractor

C. FAU

D. Galleta
