GCFA GIAC Certified Forensics Analyst Free Practice Exam Questions (2025 Updated)
Prepare effectively for your GIAC GCFA GIAC Certified Forensics Analyst certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.
Which of the following statements about SD cards are true?
Each correct answer represents a complete solution. Choose two.
Which of the following functionality within the Autopsy browser is specifically designed to aid in case management?
Which of the following types of evidence is considered as the best evidence?
You work as a Network Administrator for Blue Well Inc. Your company's network has a Windows 2000 server with the FAT file system. This server stores sensitive data. You want to encrypt this data to protect it from unauthorized access. You also have to accomplish the following goals:
Data should be encrypted and secure.
Administrative effort should be minimum.
You should have the ability to recover encrypted files in case the file owner leaves the company.
Other permissions on encrypted files should be unaffected.
File-level security is required on the disk where data is stored.
Encryption or decryption of files should not be the responsibility of the file owner.
You take the following steps to accomplish these goals:
Convert the FAT file system to NTFS file system.
Use third-party data encryption software.
What will happen after taking these steps?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as a root user on the Linux operating system. While performing some security investigation, you want to see the hostname and IP address from where users logged in.
Which of the following commands will you use to accomplish the task?
Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?
Which of the following types of firewall ensures that the packets are part of the established session?
Which of the following is NOT listed as volatile data in the RFC 3227 list for Windows-based systems?
In Linux, which of the following files describes the processes that are started up during boot up?
John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:
logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid
SELECT
    timegenerated AS LogonTime,
    extract_token(strings, 0, '|') AS UserName
FROM Security
WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539)
    AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'
After investigation, John concludes that two logon attempts were made by using an expired account.
Which of the following EventID refers to this failed logon?
Which of the following articles defines illegal access to the computer or network in Chapter 2 of Section 1, i.e., Substantive criminal law of the Convention on Cybercrime passed by the Council of Europe?
You are the Security Consultant working with a client who uses a lot of outdated systems. Many of their client PCs still have Windows 98. You are concerned about the security of passwords on a Windows 98 machine. What algorithm is used in Windows 98 to hash passwords?
Which of the following encryption methods use the RC4 technology?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following directories contains administrative commands on a UNIX computer?
Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?
Which of the following are advantages of NTFS file system over FAT32 and FAT?
Each correct answer represents a part of the solution. Choose two.
John works as a Technical Support Executive in ABC Inc. The company's network consists of ten computers with Windows XP professional installed on all of them. John is working with a computer on which he has enabled hibernation. He shuts down his computer using hibernation mode. Which of the following will happen to the data after powering off the system using hibernation?
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
Which of the following files starts the initialization process in booting sequence of the Linux operating system?
You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?