Exam (elaborations)

GFACT Exam Study Guide with Complete Solutions

Pages: 84
Grade: A+
Uploaded on: 15-10-2024
Written in: 2024/2025

EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.

/qn - Answer-Don't launch with a graphical user interface.

/i - Answer-Don't try to run as administrator, run as a normal user instead (this won't matter because of AlwaysInstallElevated).

/quiet - Answer-Don't show the user any messages.

1024?! - Answer-1 kilobyte = 1024 bytes. IEC introduced KiB instead: 1 byte is 8 bits. 1 kibibyte (KiB) is 1024 bytes. 1 mebibyte (MiB) is 1024 kibibytes. 1 gibibyte (GiB) is 1024 mebibytes. 1 tebibyte (TiB) is 1024 gibibytes.

Active Directory - Answer-A system that allows the server to communicate with Windows desktops, allowing the administrator to easily configure all the connected desktops from one location, amongst other uses which we will cover in future modules. Active Directory allows administrators to configure settings on Windows desktops that are connected to a Windows server.

Adding a new user - Answer-Adding a new user is as simple as running: net user /add username password This command will create a new user and set the password to what you specified. You can do so much more when creating users this way, such as configuring account expiry and setting times where the account can log on.

Add-ins - Answer-Microsoft Word allows for third parties to write 'add-ins', which extend the functionality of Microsoft Word.

Advanced Memory Forensics with Volatility - Answer-Volatility is one of the most widely used memory forensics tools. Useful Volatility commands: imageinfo - vol.py or volatility -f memdump.mem imageinfo

Aliases - Answer-PowerShell comes with several aliases set up for common cmdlets. cat, cd, dir, ls, rm

Alternate Number Bases - Answer-We are very used to counting in base 10, but other number bases like base 16 (hex) or base 2 (binary) are incredibly useful in computing.

Alternative Search Engines - Answer-No two search engines are the same. Alternative Search Engines - Google, Bing, Yahoo, DuckDuckGo, archive.org

AlwaysInstallElevated - Answer-Some administrators will configure this so that users can install software on their computers without administrator approval.

Analytics - Answer-Collecting stats and analysing interactions on a web server.

Anti Forensics - Answer-Cyber criminals improve and modify their operational security (OpSec) in order to avoid being caught. NotPetya is part of the Petya family of encrypting ransomware that targets Microsoft Windows based systems.

APFS - Answer-The Apple File System supports permissions and encryption, and duplicate files can be stored without using additional space, with changes to one copy of a file being saved as a delta (the difference between the old file and the new file) to lower space requirements.

Application Layer - Answer-An example of an application layer protocol is something like HTTP or FTP. An HTTP GET request is an application layer protocol because the web browser will form the request necessary for displaying a page or submitting a form.

apropos - Answer-The 'apropos' tool is used to search man pages for keywords, usually to find the 'appropriate' tool to use in a particular situation. The 'apropos' command is used to find the 'appropriate' tool for a particular job.

apt-get - Answer-The apt command is incredibly useful to rapidly find, install, or remove software. The way 'apt' works is by having a list of 'sources'; these are servers which contain information about available packages, download links and version information. 'apt update' only updates the list of available packages.

Arguments - Answer-The 'argc' variable is an integer which contains the number of arguments passed to the program when it was executed. The 'argv' array contains the data passed in.

Arithmetic Logic Unit (ALU) - Answer-The Arithmetic Logic Unit is the part of the CPU responsible for performing arithmetic and logical operations.

ARP - Answer-The Address Resolution Protocol translates IP addresses to MAC addresses for transmission purposes. ARP is only for the local network.

ARP Cache - Answer-ARP (address resolution protocol) is a protocol used on local networks to map IP addresses to MAC addresses. When a computer receives an ARP response, it saves it into the ARP cache.

ARP Spoofing / Poisoning - Answer-The flaw in the ARP protocol comes because, if an ARP response is sent to a computer, it will store that value in its ARP cache even if it didn't make an ARP request asking for a response.

Arrays - Answer-In C, you have to specify the type of the array when you create it, and it can only ever hold that type of data. You can't mix and match within the same array.

AS - Answer-The AS keyword is used to assign an alias to a table or field. They are used to make long SQL statements more readable, more descriptive or set the table headings for a query to make the results more descriptive.

ASCII - Answer-American Standard Code for Information Interchange. A table that maps binary to characters. Originally 7 bits wide for up to 127 characters. Now is 8 bits wide and up to 255 characters.

ASLR - Answer-Address Space Layout Randomisation is a protection that involves randomising the memory addresses that a program gets loaded into on each run.

Assertions - Answer-The assert function will cause the program to crash with the error message we provided if a condition is not met.

Asymmetric cryptography - Answer-In asymmetric cryptography, you have two keys, a public and a private. You can lock the message with whichever one you would like, but you must unlock it with the opposite key.

Asymmetric Encryption - Answer-Asymmetric encryption: every party generates two encryption keys: one is private and one is public. The public encryption key is the one you send to whoever needs to communicate with you securely. The private encryption key should remain private only to you.

Audio Steganography - Answer-Audio steganography is a technique used to embed secret messages into digital audio. There are various methods of audio steganography, such as LSB and Echo Hiding.

Authoritative Name Servers - Answer-A name server that is authoritative for a domain is one that controls the mapping between the domain name and the IP address. It has the final say on where the domain points.

Authoritative nameserver - Answer-The authoritative nameserver will retrieve the specific IP address of the origin server for the provided web domain name, which the resolver will pass back to the client.

Automatically Decoding Encoding - Answer-The purpose of encoding is to enable us to fit data that we need to store or transmit within a set of constraints that are suitable to the storage or transmission medium. Encoding is often used with encryption to make the results transmissible.

Base 64 - Answer-Base64 is a group of binary to text encoding systems that represent binary data in ASCII format. Each Base64 digit represents 6 bits of data; three 8 bit bytes can therefore be represented by four 6 bit Base64 digits.

Binary - Answer-Counting in binary is very similar to counting in denary. First, let's calculate the headings: 2^0 = 1 (Anything to the power of 0 is 1.) 2^1 = 2 (Anything to the power of 1 is itself!) 2^2 = 4. 2^3 = 8 (2 x 2 x 2 = 8). 2^4 = 16 (2 x 2 x 2 x 2 = 16). 1 KiB is 1024 bytes because 2^10 = 1024

Binary to Denary - Answer-

BIOS - Answer-Basic Input Output System is a program stored on the motherboard of your computer. When the computer is first turned on, it is the first program that is loaded, and prepares, or initialises, the hardware ready to load the bootloader. Modern computers use UEFI (Unified Extensible Firmware Interface).

Bits - Answer-The smallest unit of data stored on a computer system. There can only be two possible values stored in a single bit: a '1' or '0'. Known as a 'boolean', or 'bool', which can only have two values. 4 bits (half a byte) is a nibble, 1 byte is 8 bits, 1 kilobyte (kB) is 1000 bytes, 1 megabyte (MB) is 1000 kilobytes, 1 gigabyte (GB) is 1000 megabytes, 1 terabyte (TB) is 1000 gigabytes.

Block Storage - Answer-Block storage is one of the more common forms of storage you will see on the cloud. It is also utilised in a Storage Area Network (SAN).

Blue Team - Answer-Defensive; responsible for setting up secure network infrastructure, monitoring this infrastructure and responding to attacks.

Boolean Logic - Answer-A boolean value is a value that can be either true or false. This kind of value is perfect for computers, which talk in bits: either a 1 or a 0. In other words, bits are Boolean values; like a switch, they can be either on or off.

Bootkits - Answer-If malware can run at a high enough privilege level, it can write directly to the disk without having to use the file system as an intermediary.

Bootloader - Answer-A program that is loaded by the BIOS when a computer is first turned on, and is responsible for loading the operating system. Installed at the same time as the operating system, on the hard drive.

Branches - Answer-Branches in Git allow you to work on specific features independently, without touching the code in master.

Break - Answer-Using a keyword allows us to immediately break out of a loop without executing any more code inside it, or requiring us to check the condition.

Breaking Encryption - Answer-The first method is to find a flaw in the encryption algorithm. The other way to break encryption is to guess the encryption key that was used.

Buffer Overflows 1 - Answer-A buffer overflow comes when the user can input something into the program.

Buffer Overflows 2 - Answer-Code and data are just data, it depends on whether something reads them or executes them. This interpretation can be abused.

Buffer Overflows 3 - Answer-Mitigations have been built in to the OS given the frequency of buffer overflow mistakes. They are not a silver bullet but reduce exploitability.

Buses - Answer-Physical connections between the components that connect to the motherboard. Allows the components to communicate with each other.

Bypassing UAC - Answer-The easiest way to bypass UAC is simply to ask the user for permission.

C - Answer-C isn't strictly a low-level programming language, but it's close.

C - Answer-C is a fairly low-level programming language, it was created in 1972, and it was based on a programming language called B.

Caching - Answer-If a name server makes a query and discovers the IP address a domain points to, it can cache the result for a time. Future requests for that domain will use the saved value, to save from the name server having to make the reque
