GCFA Exam Dumps - GIAC Forensics Questions and Answers

Question # 34

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar giving necessary information related to sexual harassment within the workplace. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important to maintain records of sexual harassment incidents, which helps in further legal prosecution. Which of the following data should be recorded in this documentation?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Names of the victims
B. Date and time of incident
C. Nature of harassment
D. Location of each incident

Question # 35

Which of the following are the primary goals of the incident handling team?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Prevent any further damage.
B. Freeze the scene.
C. Repair any damage caused by an incident.
D. Inform higher authorities.

Question # 36

Which of the following attacks saturates network resources and disrupts services to a specific computer?

Options:

A. Teardrop attack
B. Polymorphic shell code attack
C. Denial-of-Service (DoS) attack
D. Replay attack

Question # 37

Which of the following file systems cannot be used to install an operating system on the hard disk drive?

Each correct answer represents a complete solution. Choose two.

Options:

A. Windows NT file system (NTFS)
B. High Performance File System (HPFS)
C. Log-structured file system (LFS)
D. Compact Disc File System (CDFS)
E. Novell Storage Services (NSS)

Question # 38

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to allow direct access to the filesystem's data structure. Which of the following Unix commands can you use to accomplish the task?

Options:

A. du
B. debugfs
C. df
D. dosfsck

Question # 39

The incident response team has turned the evidence over to the forensic team. Now it is time to begin looking for ways to improve the incident response process for next time. What are the typical areas for improvement?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Information dissemination policy
B. Additional personnel security controls
C. Incident response plan
D. Electronic monitoring statement

Question # 40

Which of the following tools can be used by a user to hide his identity?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Proxy server
B. Anonymizer
C. Rootkit
D. IPchains
E. War dialer

Question # 41

Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned the project of investigating an iPod, which is suspected to contain some explicit material. Adam wants to connect the compromised iPod to his system, which is running the Windows XP (SP2) operating system. He is concerned that connecting the iPod to his computer may change some evidence and settings on the iPod. He wants to set the iPod to read-only mode. This can be done by changing a registry key within the Windows XP (SP2) operating system. Which of the following registry keys will Adam change to accomplish the task?

Options:

A. HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\StorageDevicePolicies
B. HKEY_LOCAL_MACHINE\CurrentControlset\Control\StorageDevicePolicies
C. HKEY_LOCAL_MACHINE\System\CurrentControlset\StorageDevicePolicies
D. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

Question # 42

Which of the following types of evidence is a collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

Options:

A. Corroborating
B. Circumstantial
C. Incontrovertible
D. Direct

Question # 43

Identify the port in the image given below, which can be connected to the hub to extend the number of ports and to which up to 127 devices can be connected.

Options:

Exam Code: GCFA
Exam Name: GIAC Certified Forensics Analyst
Last Update: Aug 24, 2025
Questions: 318