Oxford Cambridge and RSA
End Term Exam
GFACT Certification Exam 2025 | COMPLETE EXAM
QUESTIONS & VERIFIED ANSWERS | 100% SOLVED |
REAL TESTED QUESTIONS
Time allowed:
A+
* J 2 5 7 0 1 *
INSTRUCTIONS
• Write your answer to each question in the space provided. If you need extra space
use the lined pages at the end of this booklet. The question numbers must be clearly
shown.
• Answer all the questions.
• Where appropriate, your answer should be supported with working. Marks might
be given for using a correct method, even if your answer is wrong.
ADVICE
• Read each question carefully before you start your answer.
© OCR 2025 [UTYYTEXAM] DC NSIGHTPAPERS)
Turn over
,Which of the following services would be a target for privilege escalation?
1: Microsoft Office Click-to-Run Service
"C:\Program Files\Common Files\ Microsoft Shared\ClickToRun\OfficeClickToRun.exe"
2: CodeMeter Runtime Server
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
3: TP AutoConnect Service
"C:\Program Files\VMWare\VMware Tools\TPAutoConnsvc.exe" Manual
A) Microsoft Office Click To Run Service
B) CodeMeter Runtime Server
C) TP AutoConnect Service
D) Yo Mama - ✔✔CodeMeter Runtime Server
In both the TCP handshake and teardown, the ACK number increases by one. How much data is being sent?
A) Zero bytes
B) Two bytes
C) One byte
D) Three bytes - ✔✔Zero bytes
(B1, Pg340-341) What can an Apache server administrator do to prevent version information from leaking?
A) Run Apache as a non-root user
B) Enable HTTPS
C) Set permission on /var/www/html to 700
D) Disable the banner - ✔✔Disable the banner
(B2, Pg351) When debugging a program with pwngdb what is the significance of the s in x/s 0x80484ef command shown
in the command below:
,pwndbg> x/s 0x80484ef
0x80484ef <main+4>:
A) Tells the command to step into the address 0x80484ef
B) Identifies the output format for data at address 0x80484ef
C) Tells the command to stop after the address 0x80484ef
D) Identifies the next breakpoint is address 0x80484ef
*HINT* For debugging with pwngdb, x = hexadecimal, s = string - ✔✔Identifies the output format for data at address
ox80484ef
(B2, Pg11) What is it called when a user makes a change to the master code in a Git repository?
A) Pull
B) Clone
C) Branch
D) Commit - ✔✔Commit
(B3, Pg168) A GIAC administrator has configured their company's web server to send an X -Frame-Options header in
every request to an HTTP page. The admin has configured the option to use the values DENY,SAMEORGIN, or ALLOW-
FROM.
What attack is the administrator addressing with the techniques described above?
A) SQL injection
B) Cross-Site request forgery
C) Cross-Site scripting
D) Directory traversal
E) Clickjacking - ✔✔Clickjacking
(B3, Pg158) How do prepared statements help prevent SQL injection attacks?
A) Query parameters are sent in the body of a POST request
B) Queries are appended with an authorization token
, C) Query language is kept separate from user supplied data
D) Queries submitted by users are HTML entity encoded - ✔✔Query language is kept separate from user supplied data
(B1, Pg 236) If the user agent is used, where would it be found in the HTTP protocol?
A) In the response body
B)In the response header
C) Delimited by an h1 tag
D) In a GET Request - ✔✔In a GET Request
(B3, Pg170) A web application is configured to validate a unique token value for each submitted user request. What
threat is being mitigated?
A)Local file inclusion
B) Cross Site request forgery
C)Drive-By downloads
D) Command injection - ✔✔Cross Site request forgery
(B3, Pg142) Which exploit takes advantage of a web-page field that does not validate input?
A) Session hijacking
B) Command injection
C)Password cracking
D) Steganography - ✔✔Command injection
Which computer component manages ongoing access to a computer's shared RAM and drive storage resources?
A)Memory Registers
B)BIOS
C)Kernel
D)Bootloader - ✔✔Kernel
End Term Exam
GFACT Certification Exam 2025 | COMPLETE EXAM
QUESTIONS & VERIFIED ANSWERS | 100% SOLVED |
REAL TESTED QUESTIONS
Time allowed:
A+
* J 2 5 7 0 1 *
INSTRUCTIONS
• Write your answer to each question in the space provided. If you need extra space
use the lined pages at the end of this booklet. The question numbers must be clearly
shown.
• Answer all the questions.
• Where appropriate, your answer should be supported with working. Marks might
be given for using a correct method, even if your answer is wrong.
ADVICE
• Read each question carefully before you start your answer.
© OCR 2025 [UTYYTEXAM] DC NSIGHTPAPERS)
Turn over
,Which of the following services would be a target for privilege escalation?
1: Microsoft Office Click-to-Run Service
"C:\Program Files\Common Files\ Microsoft Shared\ClickToRun\OfficeClickToRun.exe"
2: CodeMeter Runtime Server
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
3: TP AutoConnect Service
"C:\Program Files\VMWare\VMware Tools\TPAutoConnsvc.exe" Manual
A) Microsoft Office Click To Run Service
B) CodeMeter Runtime Server
C) TP AutoConnect Service
D) Yo Mama - ✔✔CodeMeter Runtime Server
In both the TCP handshake and teardown, the ACK number increases by one. How much data is being sent?
A) Zero bytes
B) Two bytes
C) One byte
D) Three bytes - ✔✔Zero bytes
(B1, Pg340-341) What can an Apache server administrator do to prevent version information from leaking?
A) Run Apache as a non-root user
B) Enable HTTPS
C) Set permission on /var/www/html to 700
D) Disable the banner - ✔✔Disable the banner
(B2, Pg351) When debugging a program with pwngdb what is the significance of the s in x/s 0x80484ef command shown
in the command below:
,pwndbg> x/s 0x80484ef
0x80484ef <main+4>:
A) Tells the command to step into the address 0x80484ef
B) Identifies the output format for data at address 0x80484ef
C) Tells the command to stop after the address 0x80484ef
D) Identifies the next breakpoint is address 0x80484ef
*HINT* For debugging with pwngdb, x = hexadecimal, s = string - ✔✔Identifies the output format for data at address
ox80484ef
(B2, Pg11) What is it called when a user makes a change to the master code in a Git repository?
A) Pull
B) Clone
C) Branch
D) Commit - ✔✔Commit
(B3, Pg168) A GIAC administrator has configured their company's web server to send an X -Frame-Options header in
every request to an HTTP page. The admin has configured the option to use the values DENY,SAMEORGIN, or ALLOW-
FROM.
What attack is the administrator addressing with the techniques described above?
A) SQL injection
B) Cross-Site request forgery
C) Cross-Site scripting
D) Directory traversal
E) Clickjacking - ✔✔Clickjacking
(B3, Pg158) How do prepared statements help prevent SQL injection attacks?
A) Query parameters are sent in the body of a POST request
B) Queries are appended with an authorization token
, C) Query language is kept separate from user supplied data
D) Queries submitted by users are HTML entity encoded - ✔✔Query language is kept separate from user supplied data
(B1, Pg 236) If the user agent is used, where would it be found in the HTTP protocol?
A) In the response body
B)In the response header
C) Delimited by an h1 tag
D) In a GET Request - ✔✔In a GET Request
(B3, Pg170) A web application is configured to validate a unique token value for each submitted user request. What
threat is being mitigated?
A)Local file inclusion
B) Cross Site request forgery
C)Drive-By downloads
D) Command injection - ✔✔Cross Site request forgery
(B3, Pg142) Which exploit takes advantage of a web-page field that does not validate input?
A) Session hijacking
B) Command injection
C)Password cracking
D) Steganography - ✔✔Command injection
Which computer component manages ongoing access to a computer's shared RAM and drive storage resources?
A)Memory Registers
B)BIOS
C)Kernel
D)Bootloader - ✔✔Kernel
