GFACT CERTIFICATION EXAMWITH CORRECT
ACTUAL QUESTIONS AND CORRECTLY WELL
DEFINED ANSWERS LATEST ALREADY GRADED
A+ (2025/2026)
(B2, Pg122) What does it mean when a computer
program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program -
correct answer -->>It can run multiple chunks of
code concurrently
(B3, Pg162) Which of the following is a common
result of a reflected cross-site scripting attack?
A)Tricking a user into making an authenticated
transaction
B)Sending a website user's session cookie to an
attacker
C) Embedding the attacker's malware in web
application source code
D) Stealing password hashes from a website's back
end database
,*HINT* It may be under the session guessing
section, but if you read further into it, you will see
where it mentions XSS attack. -correct answer --
>>Sending a website user's session cookie to an
attacker
(B3, Pg90) What tool can be used to fingerprint the
operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap -correct answer -->>Nmap
(B3, Pg151) What type of vulnerability is illustrated
where there is code in the web page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
*HINT* While it doesn't exactly say "code in the web
page", it mentions how you can sometimes view a
page that looks like PHP code and how that code
can gain you access to the access logs of the
server. -correct answer -->>File Inclusion
,(B3, Pg88-89) An alert indicates that a compromised
host was used by an attacker to run the command
below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
B)Identify services running on network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network hosts -correct
answer -->>Identify services running on network
hosts
What type of artifact can a blue team member use to
identify the name that is associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership -correct answer -->>Metadata
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Microsoft\Windo
ws\CurrentVersion\Run considered to be?
A)Domain Name
, B)Log File Path
C) Registry Key
D) Yo Mama's Number -correct answer -->>A
Registry Key
(B1, Pg236) If a user agent is used, where would it
be found in the HTTP Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request -correct answer -->>In a
GET Request
What benefit does moving from local logging to
using a log server provide organizations?
A) Enables the use of network intrusion detection
systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an extra
server to infiltrate the network
D)Less complex logging infrastructure -correct
answer -->>Harder for attackers to overwrite logs
(B3, Pg187) What is the only way to mitigate an
integer overflow/underflow?
ACTUAL QUESTIONS AND CORRECTLY WELL
DEFINED ANSWERS LATEST ALREADY GRADED
A+ (2025/2026)
(B2, Pg122) What does it mean when a computer
program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program -
correct answer -->>It can run multiple chunks of
code concurrently
(B3, Pg162) Which of the following is a common
result of a reflected cross-site scripting attack?
A)Tricking a user into making an authenticated
transaction
B)Sending a website user's session cookie to an
attacker
C) Embedding the attacker's malware in web
application source code
D) Stealing password hashes from a website's back
end database
,*HINT* It may be under the session guessing
section, but if you read further into it, you will see
where it mentions XSS attack. -correct answer --
>>Sending a website user's session cookie to an
attacker
(B3, Pg90) What tool can be used to fingerprint the
operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap -correct answer -->>Nmap
(B3, Pg151) What type of vulnerability is illustrated
where there is code in the web page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
*HINT* While it doesn't exactly say "code in the web
page", it mentions how you can sometimes view a
page that looks like PHP code and how that code
can gain you access to the access logs of the
server. -correct answer -->>File Inclusion
,(B3, Pg88-89) An alert indicates that a compromised
host was used by an attacker to run the command
below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
B)Identify services running on network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network hosts -correct
answer -->>Identify services running on network
hosts
What type of artifact can a blue team member use to
identify the name that is associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership -correct answer -->>Metadata
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Microsoft\Windo
ws\CurrentVersion\Run considered to be?
A)Domain Name
, B)Log File Path
C) Registry Key
D) Yo Mama's Number -correct answer -->>A
Registry Key
(B1, Pg236) If a user agent is used, where would it
be found in the HTTP Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request -correct answer -->>In a
GET Request
What benefit does moving from local logging to
using a log server provide organizations?
A) Enables the use of network intrusion detection
systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an extra
server to infiltrate the network
D)Less complex logging infrastructure -correct
answer -->>Harder for attackers to overwrite logs
(B3, Pg187) What is the only way to mitigate an
integer overflow/underflow?
