
GIAC GCFA - GIAC Certified Forensics Analyst

Total 318 questions

John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He has performed the footprinting step and now he has enough information to begin scanning in order to detect active computers. He sends a ping request to a computer using ICMP type 13. What kind of ICMP message is John using to send the ICMP ping request message?

A. Address mask request

B. Echo request

C. Information request (obsolete)

D. Timestamp request (obsolete)

Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?

A. Anti-Child Porn.org

B. Project Safe Childhood (PSC)

C. Innocent Images National Initiative (IINI)

D. Internet Crimes Against Children (ICAC)

You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate a Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

A. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.

B. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.

C. Use Wireshark to capture traffic going to the server and then search for the requests going to the input page, which may give a log of the malicious traffic and the IP address of the source.

D. Look at the Web server's logs and normal traffic logging.

Which of the following statements are true about Compact Disc (CD) and Digital Versatile Disk (DVD)?

Each correct answer represents a complete solution. Choose all that apply.

A. CDs and DVDs are affected by EMP from nuclear detonations.

B. Data is encoded in the form of tiny pits on the surface of the CD and DVD.

C. CDs and DVDs are not affected by X-rays and other sources of electromagnetic radiation.

D. It takes a small amount of energy to affect the data that is written on CD and DVD.

Allen works as a professional Computer Hacking Forensic Investigator. He has been assigned a project to investigate a computer that the suspect used to sexually harass the victim through an instant messenger program. The suspect's computer runs the Windows operating system. Allen wants to recover the password from the instant messenger program the suspect is using, in order to collect evidence of the crime. Allen is using Helix Live for this purpose. Which of the following Helix utilities will he use to accomplish the task?

A. Mail Pass View

B. MessenPass

C. Asterisk Logger

D. Access PassView

Which of the following wireless network standards operates on the 5 GHz band and transfers data at a rate of 54 Mbps?

A. 802.11a

B. 802.11u

C. 802.11g

D. 802.11b

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

A. DOS boot disk

B. Linux Live CD

C. Secure Authentication for EnCase (SAFE)

D. EnCase with a hardware write blocker

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

A. Evasion attack

B. Session splicing attack

C. Insertion attack

D. Polymorphic shell code attack

TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?

A. Solaris

B. Red Hat

C. Knoppix

D. Windows

Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer

B. Application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer

C. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer

D. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer