1
GFACT CERTIFICATION EXAM NEWEST VERSION -2025/2026-
100+ QUESTIONS AND VERIFIED ANSWERS 100% CORRECT
GUARANTEED SUCCESS
What type of artifact can a blue team member use to identify the name that is
associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
Metadata
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
A Registry Key
(B3, Pg90) What tool can be used to fingerprint the operating system of a host?
, 2
A)netstat
B)dig
C)nslookup
D)nmap
Nmap
(B3, Pg151) What type of vulnerability is illustrated where there is code in the web
page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
HINT While it doesn't exactly say "code in the web page", it mentions how you can
sometimes view a page that looks like PHP code and how that code can gain you
access to the access logs of the server.
File Inclusion
(B3, Pg88-89) An alert indicates that a compromised host was used by an attacker
to run the command below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
, 3
B)Identify services running on network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network hosts
Identify services running on network hosts
(B1, Pg236) If a user agent is used, where would it be found in the HTTP Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
In a GET Request
What benefit does moving from local logging to using a log server provide
organizations?
A) Enables the use of network intrusion detection systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an extra server to infiltrate the network
D)Less complex logging infrastructure
Harder for attackers to overwrite logs
(B3, Pg187) What is the only way to mitigate an integer overflow/underflow?
A) Takin the absolute value of negative results prior to running the equation
B) Checking that the result of any change to a signed integer falls within an
allowed range
, 4
C) Randomizing salt values prior to hashing user content
D) Sanitizing user input to block special characters from being entered
Checking that the result of any change to a signed integer falls within an allowed
range
(B2, Pg17) Which Variable name will cause Python to produce an error?
A)2nd_phone_number
B)LASTNAM_
C)streetAddress
D)_firstname
HINT You can start a variable name with a letter or an underscore, but NOT WITH
A NUMBER!
2nd_phone_number
What is the following command attempting to accomplish in Kali Linux?
dnsmap myfakedomain.local -w /usr/share/wordlists/dnsmap.txt
A)Search for subdomains based upon the wordlist provided
B) Check for users based on the wordlist provided
C)Run checks on the applications based on the wordlist provided
D)Call yo mama
Search for subdomains based upon the wordlist provided
(B3, Pg121) How do you remove data from a Solid State Drive?
GFACT CERTIFICATION EXAM NEWEST VERSION -2025/2026-
100+ QUESTIONS AND VERIFIED ANSWERS 100% CORRECT
GUARANTEED SUCCESS
What type of artifact can a blue team member use to identify the name that is
associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
Metadata
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
A Registry Key
(B3, Pg90) What tool can be used to fingerprint the operating system of a host?
, 2
A)netstat
B)dig
C)nslookup
D)nmap
Nmap
(B3, Pg151) What type of vulnerability is illustrated where there is code in the web
page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
HINT While it doesn't exactly say "code in the web page", it mentions how you can
sometimes view a page that looks like PHP code and how that code can gain you
access to the access logs of the server.
File Inclusion
(B3, Pg88-89) An alert indicates that a compromised host was used by an attacker
to run the command below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
, 3
B)Identify services running on network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network hosts
Identify services running on network hosts
(B1, Pg236) If a user agent is used, where would it be found in the HTTP Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
In a GET Request
What benefit does moving from local logging to using a log server provide
organizations?
A) Enables the use of network intrusion detection systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an extra server to infiltrate the network
D)Less complex logging infrastructure
Harder for attackers to overwrite logs
(B3, Pg187) What is the only way to mitigate an integer overflow/underflow?
A) Takin the absolute value of negative results prior to running the equation
B) Checking that the result of any change to a signed integer falls within an
allowed range
, 4
C) Randomizing salt values prior to hashing user content
D) Sanitizing user input to block special characters from being entered
Checking that the result of any change to a signed integer falls within an allowed
range
(B2, Pg17) Which Variable name will cause Python to produce an error?
A)2nd_phone_number
B)LASTNAM_
C)streetAddress
D)_firstname
HINT You can start a variable name with a letter or an underscore, but NOT WITH
A NUMBER!
2nd_phone_number
What is the following command attempting to accomplish in Kali Linux?
dnsmap myfakedomain.local -w /usr/share/wordlists/dnsmap.txt
A)Search for subdomains based upon the wordlist provided
B) Check for users based on the wordlist provided
C)Run checks on the applications based on the wordlist provided
D)Call yo mama
Search for subdomains based upon the wordlist provided
(B3, Pg121) How do you remove data from a Solid State Drive?
