GFACT Certification Exam 2023 Questions and Answers
Correct
What does it mean when a computer program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program
It can run multiple chunks of code concurrently
Which of the following is a common result of a reflected cross-site scripting
attack?
A)Tricking a user into making an authenticated transaction
B)Sending a website user's session cookie to an attacker
C) Embedding the attacker's malware in web application source code
D) Stealing password hashes from a website's back end database
Sending a website user's session cookie to an attacker
What tool can be used to fingerprint the operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap
Nmap
What type of vulnerability is illustrated where there is code in the web page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
File Inclusion
An alert indicates that a compromised host was used by an attacker to run the
command below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
B)Identify services running on network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network hosts
Identify services running on network hosts
What type of artifact can a blue team member use to identify the name that is
associated to the file?
,A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
Metadata
What is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
A Registry Key
If a user agent is used, where would it be found in the HTTP Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
In a GET Request
What benefit does moving from local logging to using a log server provide
organizations?
A) Enables the use of network intrusion detection systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an extra server to infiltrate the network
D)Less complex logging infrastructure
Harder for attackers to overwrite logs
What is the only way to mitigate an integer overflow/underflow?
A) Takin the absolute value of negative results prior to running the equation
B) Checking that the result of any change to a signed integer falls within an
allowed range
C) Randomizing salt values prior to hashing user content
D) Sanitizing user input to block special characters from being entered
Checking that the result of any change to a signed integer falls within an allowed range
Which Variable name will cause Python to produce an error?
A)2nd_phone_number
B)LASTNAM_
C)streetAddress
D)_firstname
2nd_phone_number
What is the following command attempting to accomplish in Kali Linux?
dnsmap myfakedomain.local -w /usr/share/wordlists/dnsmap.txt
, A)Search for subdomains based upon the wordlist provided
B) Check for users based on the wordlist provided
C)Run checks on the applications based on the wordlist provided
D)Call yo mama
Search for subdomains based upon the wordlist provided
How do you remove data from a Solid State Drive?
A) Destroy it
B) Place Magnets upon it
C) Snap it
D) Yo mama sit on it
Destroy it
Where are the wordlists located in Kali?
A)/var/opt/wordlists
B)/etc/default/wordlists
C)/etc/security/wordlists
D)/var/adm/wordlists
E)/usr/share/wordlists
/usr/share/wordlists
What is the outcome of the command below?
ps aux | grep -i sshd | grep root
A) Enabling logging for all root logins for the ssh service
B)Terminating the secure shell service
C)List of secure shell processes running under the root user
D)Starting up the ssh service as the root user
List of secure shell processes running under the root user
When would a security analyst create a "TCP Socket" in a Python Program?
A) When scanning the host computer for malicious software
B) When creating a script to run against a network service
C) When collecting information about the host computer's hardware
D) When the host is running network services in the background during Python
program execution
When creating a script to run against a network service
What is used to access the address of a variable in the C Programming
Language?
A) &giac
B)*giac
C) {giac}
D) 8=giac=D
&giac
Correct
What does it mean when a computer program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program
It can run multiple chunks of code concurrently
Which of the following is a common result of a reflected cross-site scripting
attack?
A)Tricking a user into making an authenticated transaction
B)Sending a website user's session cookie to an attacker
C) Embedding the attacker's malware in web application source code
D) Stealing password hashes from a website's back end database
Sending a website user's session cookie to an attacker
What tool can be used to fingerprint the operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap
Nmap
What type of vulnerability is illustrated where there is code in the web page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
File Inclusion
An alert indicates that a compromised host was used by an attacker to run the
command below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
B)Identify services running on network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network hosts
Identify services running on network hosts
What type of artifact can a blue team member use to identify the name that is
associated to the file?
,A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
Metadata
What is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
A Registry Key
If a user agent is used, where would it be found in the HTTP Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
In a GET Request
What benefit does moving from local logging to using a log server provide
organizations?
A) Enables the use of network intrusion detection systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an extra server to infiltrate the network
D)Less complex logging infrastructure
Harder for attackers to overwrite logs
What is the only way to mitigate an integer overflow/underflow?
A) Takin the absolute value of negative results prior to running the equation
B) Checking that the result of any change to a signed integer falls within an
allowed range
C) Randomizing salt values prior to hashing user content
D) Sanitizing user input to block special characters from being entered
Checking that the result of any change to a signed integer falls within an allowed range
Which Variable name will cause Python to produce an error?
A)2nd_phone_number
B)LASTNAM_
C)streetAddress
D)_firstname
2nd_phone_number
What is the following command attempting to accomplish in Kali Linux?
dnsmap myfakedomain.local -w /usr/share/wordlists/dnsmap.txt
, A)Search for subdomains based upon the wordlist provided
B) Check for users based on the wordlist provided
C)Run checks on the applications based on the wordlist provided
D)Call yo mama
Search for subdomains based upon the wordlist provided
How do you remove data from a Solid State Drive?
A) Destroy it
B) Place Magnets upon it
C) Snap it
D) Yo mama sit on it
Destroy it
Where are the wordlists located in Kali?
A)/var/opt/wordlists
B)/etc/default/wordlists
C)/etc/security/wordlists
D)/var/adm/wordlists
E)/usr/share/wordlists
/usr/share/wordlists
What is the outcome of the command below?
ps aux | grep -i sshd | grep root
A) Enabling logging for all root logins for the ssh service
B)Terminating the secure shell service
C)List of secure shell processes running under the root user
D)Starting up the ssh service as the root user
List of secure shell processes running under the root user
When would a security analyst create a "TCP Socket" in a Python Program?
A) When scanning the host computer for malicious software
B) When creating a script to run against a network service
C) When collecting information about the host computer's hardware
D) When the host is running network services in the background during Python
program execution
When creating a script to run against a network service
What is used to access the address of a variable in the C Programming
Language?
A) &giac
B)*giac
C) {giac}
D) 8=giac=D
&giac
