
GIAC GCFA - GIAC Certified Forensics Analyst

Total 318 questions

You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as a root user on the Linux operating system. While performing some security investigation, you want to see the hostname and IP address from where users logged in.

Which of the following commands will you use to accomplish the task?

A. Dig
B. Netstat
C. Nslookup
D. Last

Which of the following types of evidence is considered the best evidence?

A. The original document
B. A copy of the original document
C. A computer-generated record
D. Information gathered through the witness's senses

On your dual booting computer, you want to set Windows 98 as the default operating system at startup. In which file will you define this?

A. NTBOOTDD.SYS
B. BOOT.INI
C. NTDETECT.COM
D. BOOTSECT.DOS

Which of the following is included in a memory dump file?

A. Security ID
B. List of loaded drivers
C. The kernel-mode call stack for the thread that stopped the process from execution
D. Stop message and its parameters

You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200 client computers and ten database servers. One morning, you find that an unauthorized user is accessing data on a database server on the network. Which of the following actions will you take to preserve the evidence?

Each correct answer represents a complete solution. Choose three.

A. Prevent the company employees from entering the server room.
B. Detach the network cable from the database server.
C. Prevent a forensics experts team from entering the server room.
D. Preserve the log files for a forensics expert.

Which of the following encryption methods use RC4?

Each correct answer represents a complete solution. Choose all that apply.

A. Dynamic WEP
B. TKIP
C. Static WEP
D. CCMP

You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?

A. Netcraft
B. Ettercap
C. Ethereal
D. Nmap

Which of the following commands can you use to create an ext3 file system?

Each correct answer represents a complete solution. Choose two.

A. mke2fs
B. mkfs.ext3
C. mke2fs -j
D. mkfs.ext2

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:

Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'

This error message shows that the We-are-secure Website is vulnerable to __________.

A. An XSS attack
B. A SQL injection attack
C. A Denial-of-Service attack
D. A buffer overflow

Which of the following is NOT an example of passive footprinting?

A. Querying the search engine.
B. Analyzing job requirements.
C. Scanning ports.
D. Performing the whois query.