Cyber Monday Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

GCFA GIACCertified Forensics Analyst Free Practice Exam Questions (2025 Updated)

Prepare effectively for your GIAC GCFA GIACCertified Forensics Analyst certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

GIAC GCFA Premium Access     Download Demo    
Page: 3 / 5
Total 318 questions

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A.

Email spoofing

B.

Social engineering

C.

Steganography

D.

Web ripping

You work as a Network Administrator for Net World International. You want to configure a Windows 2000 computer to dual boot with Windows 98. The hard disk drive of the computer will be configured as a single partition drive. Which of the following file systems will you use to accomplish this?

A.

NTFS

B.

HPFS

C.

FAT16

D.

FAT32

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of hard drive in different categories. Which of the following type of image formats is NOT supported by Forensic Sorter?

A.

PFR image file

B.

iso image file

C.

RAW image file

D.

EnCase image file

In the United States, Title VII of the 1964 Civil Rights Act was formulated to protect an employee from discrimination on the basis of religion, color, race, national origin, and sex. This law makes discrimination in employment illegal. Which of the following was the original emphasis of the Act?

A.

Protect fundamental rights of an employee

B.

Equal position to all employees

C.

Protect woman in the workplace

D.

Prevent child pornography

Which of the following anti-child pornography organizations helps local communities to create

programs and develop strategies to investigate child exploitation?

A.

Anti-Child Porn.org

B.

Project Safe Childhood (PSC)

C.

Innocent Images National Imitative (IINI)

D.

Internet Crimes Against Children (ICAC)

Which of the following graphical tools is used to navigate through directory structures?

A.

Disk Cleanup

B.

System Information

C.

Disk Management

D.

Windows Explorer

Which of the following firewalls depends on the three-way handshake of the TCP protocol?

A.

Proxy-based firewall

B.

Stateful firewall

C.

Packet filter firewall

D.

Endian firewall

Which of the following is used for remote file access by UNIX/Linux systems?

A.

NetWare Core Protocol (NCP)

B.

Common Internet File System (CIFS)

C.

Server Message Block (SMB)

D.

Network File System (NFS)

Which of the following statements about the compression feature of the NTFS file system are true?

Each correct answer represents a complete solution. Choose two.

A.

Users can work with NTFS-compressed files without decompressing them.

B.

It supports compression only on volumes.

C.

Compressed files on an NTFS volume can be read and written by any Windows-based application after they are decompressed.

D.

It supports compression on volumes, folders, and files.

John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?

Each correct answer represents a complete solution. Choose all that apply.

A.

Rule based attack

B.

Brute Force attack

C.

Dictionary attack

D.

Hybrid attack

Which of the following statements is true for a file in the UNIX operating system?

A.

It is a collection of information, which cannot be data or documents.

B.

It is a directory entry that points to an original file somewhere else.

C.

It is a collection of information, which can be data, an application, or documents.

D.

It is a collection of information, which can be only documents.

Joseph works as a Web Designer for WebTech Inc. He creates a Web site and wants to protect it from lawsuits. Which of the following steps will he take to accomplish the task?

Each correct answer represents a part of the solution. Choose all that apply.

A.

Restrict the access to the site.

B.

Restrict shipping in certain areas.

C.

Restrict the transfer of information.

D.

Restrict customers according to their locations.

Which of the following tools is used to locate lost files and partitions to restore data from a formatted, damaged, or lost partition in Windows and Apple Macintosh computers?

A.

Easy-Undelete

B.

File Scavenger

C.

Recover4all Professional

D.

VirtualLab

In which of the following files does the Linux operating system store passwords?

A.

Password

B.

Passwd

C.

Shadow

D.

SAM

Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?

A.

Kismet

B.

Airsnort

C.

Void11

D.

Aeropeek

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

A.

Recovery phase

B.

Eradication phase

C.

Identification phase

D.

Containment phase

E.

Preparation phase

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John?

Each correct answer represents a complete solution. Choose all that apply.

A.

The mutation engine of the virus is generating a new encrypted code.

B.

The virus, used by John, is not in the database of the antivirus program installed on the server.

C.

John has created a new virus.

D.

John has changed the signature of the virus.

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

A.

18 U.S.C. 1030

B.

18 U.S.C. 1362

C.

18 U.S.C. 2701

D.

18 U.S.C. 2510

E.

18 U.S.C. 1029

Convention on Cybercrime, created by the Council of Europe, is the treaty seeking to address

Computer crime and Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. Which of the following chapters of Convention of Cybercrime contains the provisions for mutual assistances and extradition rules related to cybercrimes?

A.

Chapter II

B.

Chapter IV

C.

Chapter III

D.

Chapter I

Which of the following protocols allows computers on different operating systems to share files and disk storage?

A.

Domain Name System (DNS)

B.

Network File System (NFS)

C.

Trivial File Transfer Protocol (TFTP)

D.

Simple Network Management Protocol (SNMP)

GIAC GCFA Premium Access     Download Demo    
Page: 3 / 5
Total 318 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved