GIAC GCFA practice test

Exam Title: GIAC Certified Forensics Analyst Exam

Last update: Nov 27, 2025
Question 1

TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the
target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the
attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored
and the port will drop the packet. Which of the following operating systems can be easily identified
with the help of TCP FIN scanning?

  • A. Solaris
  • B. Red Hat
  • C. Knoppix
  • D. Windows
Answer:

D

Question 2

Which of the following encryption methods uses AES technology?

  • A. Dynamic WEP
  • B. Static WEP
  • C. TKIP
  • D. CCMP
Answer:

D

Question 3

Mark works as a security manager for SofTech Inc. He is using a technique for monitoring what the
employees are doing with corporate resources. Which of the following techniques is being used by
Mark to gather evidence of an ongoing computer crime if a member of the staff is e-mailing
the company's secrets to an opponent?

  • A. Electronic surveillance
  • B. Civil investigation
  • C. Physical surveillance
  • D. Criminal investigation
Answer:

A

Question 4

Which of the following is the first computer virus that was used to infect the boot sector of storage
media formatted with the DOS File Allocation Table (FAT) file system?

  • A. Melissa
  • B. Tequila
  • C. Brain
  • D. I love you
Answer:

C

Question 5

Which of the following attacks saturates network resources and disrupts services to a specific
computer?

  • A. Teardrop attack
  • B. Polymorphic shell code attack
  • C. Denial-of-Service (DoS) attack
  • D. Replay attack
Answer:

C

Question 6

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to
investigate the computer of an employee who is suspected of classified data theft. The suspect's
computer runs the Windows operating system. Peter wants to collect data and evidence for further
analysis. He knows that on a Windows operating system, data is searched in pre-defined steps for
proper and efficient analysis. Which of the following is the correct order for searching data on a
Windows-based system?

  • A. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
  • B. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
  • C. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
  • D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
Answer:

D

Question 7

Adam works as a Security Administrator for Umbrella Inc. He is responsible for securing all 15 servers
of the company. To successfully accomplish the task, he enables the hardware and software firewalls
and disables all unnecessary services on all the servers. The sales manager of the company asks Adam to
run emulation software on one of the servers that requires the telnet service to function properly.
Adam is concerned about the security of the server, as telnet can be a very large security risk in an
organization. Adam decides to perform some footprinting, scanning, and penetration testing on the
server to check the security. Adam telnets into the server and writes the
following command:
HEAD / HTTP/1.0
After pressing enter twice, Adam gets the following results:

Which of the following tasks has Adam just accomplished?

  • A. Poisoned the local DNS cache of the server.
  • B. Submitted a remote command to crash the server.
  • C. Grabbed the banner.
  • D. Downloaded a file to his local computer.
Answer:

C

Question 8

The MBR of a hard disk is a collection of boot records that contain disk information such as disk
architecture, cluster size, and so on. The main work of the MBR is to locate and run necessary
operating system files that are required to run a hard disk. In the context of the operating system,
MBR is also known as the boot loader. Which of the following viruses can infect the MBR of a hard
disk?
Each correct answer represents a complete solution. Choose two.

  • A. Stealth
  • B. Boot sector
  • C. Multipartite
  • D. File
Answer:

B,C

Question 9

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to
investigate e-mail information of an employee of the company. The suspected employee is using an
online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer
will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. History folder
  • B. Temporary Internet Folder
  • C. Download folder
  • D. Cookies folder
Answer:

A,B,D

Question 10

Which of the following methods is used by forensic investigators to acquire an image over the
network in a secure manner?

  • A. DOS boot disk
  • B. Linux Live CD
  • C. Secure Authentication for EnCase (SAFE)
  • D. EnCase with a hardware write blocker
Answer:

C
