GFACT Certification Exam 2026
Questions and Answers
(B2, Pg122) What does it mean when a computer program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program - Correct answer-It can run
multiple chunks of code concurrently
(B3, Pg162) Which of the following is a common result of a reflected cross-site
scripting attack?
A)Tricking a user into making an authenticated transaction
B)Sending a website user's session cookie to an attacker
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,C) Embedding the attacker's malware in web application source code
D) Stealing password hashes from a website's back end database
*HINT* It may be under the session guessing section, but if you read further into
it, you will see where it mentions XSS attack. - Correct answer-Sending a website
user's session cookie to an attacker
(B3, Pg90) What tool can be used to fingerprint the operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap - Correct answer-Nmap
(B3, Pg151) What type of vulnerability is illustrated where there is code in the web
page?
A)File Inclusion
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
,B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
*HINT* While it doesn't exactly say "code in the web page", it mentions how you
can sometimes view a page that looks like PHP code and how that code can gain
you access to the access logs of the server. - Correct answer-File Inclusion
(B3, Pg88-89) An alert indicates that a compromised host was used by an attacker
to run the command below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
B)Identify services running on network hosts
C)Execute a script on a remote host
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
, D)Send Spoofed packets to network hosts - Correct answer-Identify services
running on network hosts
What type of artifact can a blue team member use to identify the name that is
associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership - Correct answer-Metadata
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
©COPYRIGHT 2025, ALL RIGHTS RESERVED 4
Questions and Answers
(B2, Pg122) What does it mean when a computer program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program - Correct answer-It can run
multiple chunks of code concurrently
(B3, Pg162) Which of the following is a common result of a reflected cross-site
scripting attack?
A)Tricking a user into making an authenticated transaction
B)Sending a website user's session cookie to an attacker
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,C) Embedding the attacker's malware in web application source code
D) Stealing password hashes from a website's back end database
*HINT* It may be under the session guessing section, but if you read further into
it, you will see where it mentions XSS attack. - Correct answer-Sending a website
user's session cookie to an attacker
(B3, Pg90) What tool can be used to fingerprint the operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap - Correct answer-Nmap
(B3, Pg151) What type of vulnerability is illustrated where there is code in the web
page?
A)File Inclusion
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
,B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
*HINT* While it doesn't exactly say "code in the web page", it mentions how you
can sometimes view a page that looks like PHP code and how that code can gain
you access to the access logs of the server. - Correct answer-File Inclusion
(B3, Pg88-89) An alert indicates that a compromised host was used by an attacker
to run the command below. What was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
A)Map a network drive to a remote host
B)Identify services running on network hosts
C)Execute a script on a remote host
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
, D)Send Spoofed packets to network hosts - Correct answer-Identify services
running on network hosts
What type of artifact can a blue team member use to identify the name that is
associated to the file?
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership - Correct answer-Metadata
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
considered to be?
A)Domain Name
B)Log File Path
C) Registry Key
©COPYRIGHT 2025, ALL RIGHTS RESERVED 4
