GFACT Certification Exam QUESTIONS AND WELL
ELABORATED ANSWERS LATEST UPDATE THIS
YEAR
Save
Terms in this set (160)
(B2, Pg122) What does it mean when It can run multiple chunks of code concurrently
a computer program is "multi-
threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for
different users
C) It can run multiple chunks of code
concurrently
D) It has multiple functions defined in
the program
,(B3, Pg162) Which of the following is Sending a website user's session cookie to an
a common result of a reflected attacker
cross-site scripting attack?
A)Tricking a user into making an
authenticated transaction
B)Sending a website user's session
cookie to an attacker
C) Embedding the attacker's malware
in web application source code
D) Stealing password hashes from a
website's back end database
HINT It may be under the session
guessing section, but if you read
further into it, you will see where it
mentions XSS attack.
(B3, Pg90) What tool can be used to Nmap
fingerprint the operating system of a
host?
A)netstat
B)dig
C)nslookup
D)nmap
,(B3, Pg151) What type of vulnerability File Inclusion
is illustrated where there is code in
the web page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
HINT While it doesn't exactly say
"code in the web page", it mentions
how you can sometimes view a page
that looks like PHP code and how
that code can gain you access to the
access logs of the server.
(B3, Pg88-89) An alert indicates that Identify services running on network hosts
a compromised host was used by an
attacker to run the command below.
What was the attacker attempting to
do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote
host
B)Identify services running on
network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network
hosts
, What type of artifact can a blue team Metadata
member use to identify the name
that is associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
(B3, Pg307-308) What is A Registry Key
HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Run considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
(B1, Pg236) If a user agent is used, In a GET Request
where would it be found in the HTTP
Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
ELABORATED ANSWERS LATEST UPDATE THIS
YEAR
Save
Terms in this set (160)
(B2, Pg122) What does it mean when It can run multiple chunks of code concurrently
a computer program is "multi-
threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for
different users
C) It can run multiple chunks of code
concurrently
D) It has multiple functions defined in
the program
,(B3, Pg162) Which of the following is Sending a website user's session cookie to an
a common result of a reflected attacker
cross-site scripting attack?
A)Tricking a user into making an
authenticated transaction
B)Sending a website user's session
cookie to an attacker
C) Embedding the attacker's malware
in web application source code
D) Stealing password hashes from a
website's back end database
HINT It may be under the session
guessing section, but if you read
further into it, you will see where it
mentions XSS attack.
(B3, Pg90) What tool can be used to Nmap
fingerprint the operating system of a
host?
A)netstat
B)dig
C)nslookup
D)nmap
,(B3, Pg151) What type of vulnerability File Inclusion
is illustrated where there is code in
the web page?
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
HINT While it doesn't exactly say
"code in the web page", it mentions
how you can sometimes view a page
that looks like PHP code and how
that code can gain you access to the
access logs of the server.
(B3, Pg88-89) An alert indicates that Identify services running on network hosts
a compromised host was used by an
attacker to run the command below.
What was the attacker attempting to
do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote
host
B)Identify services running on
network hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network
hosts
, What type of artifact can a blue team Metadata
member use to identify the name
that is associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
(B3, Pg307-308) What is A Registry Key
HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Run considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
(B1, Pg236) If a user agent is used, In a GET Request
where would it be found in the HTTP
Protocol?
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
