GFACT Certification Exam Complete Questions with Correct Answers Updated 2025/2026||Already Graded!!! 100% Guaranteed Pass

GFACT Certification Exam Complete Questions with Correct Answers Updated 2025/2026||Already Graded!!! 100% Guaranteed Pass What is a hashing algorithm? A utility designed to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a file or entire disk A form of one way encryption C)Both A and B D)Answer is not supplied - ANSWER Both A and B (B3, Pg22) What is considered a good hashing encryption algorithm? MD5 SHA1 SHA2 D)None of the above - ANSWER SHA2 (B3, Pg142) What is a command injection? - ANSWER A flaw in a web application that takes advantage in how a web application process user input (B3, Pg148) What is the best way to mitigate a Command Injection? - ANSWER To program the web application without a third party entity and to sanitize the user input (B3, Pg150) What is a file inclusion attack? - ANSWER A result of adding resources on a page based on user input (B3, Pg151) What is the best way to mitigate a file inclusion attack? - ANSWER The best way to avoid being vulnerable to this attack is to avoid dynamically adding files based on user input (B3, Pg154) What is a Cross Site Scripting Attack? - ANSWER A client side attack that targets users that are browsing the site. Typically occurs in areas of the site where users input information (B3, Pg156) How do you mitigate a Cross Site Scripting Attack? - ANSWER To sanitize the user input and to use a 3rd party library and not implement your own filter (B3, Pg157) What is an SQL injection attack? - ANSWER A type of injection attack wherein the attacker exploits the web application to send unauthorized commands to a backend database server (B3, Pg158) How do you mitigate SQL? - ANSWER It is to not use an insecure method of passing queries to the database (B3, Pg162) What is a Session Guessing attack? - ANSWER Where an attacker guesses a Session Token and logs into a site under your information (B3, Pg163) What is the best way to mitigate a Session Guessing attack? - ANSWER To use truly random session tokens that expire (B3, Pg164) What is a clickjacking attack? - ANSWER Where a user can be tricked into clicking on something without realizing that they did (B3, Pg168) How do you mitigate a clickjacking attack? - ANSWER Make sure that the web server itself sends the X-Frame Options header in the HTTP response What are the three values within a X-Frame Options header in an HTTPS response? - ANSWER Deny, Same Origin, and Allow-FROM (B3, Pg169) What is a Cross Site Request Forgery (CSRF)? - ANSWER Where a user uses unauthorized commands submitted from a user that the web application trusts (B3, Pg170) How do you mitigate a Cross Site Request Forgery? Make sure every HTTP request submitting a form or any other kind of input comes from the same origin Use a Cross Site Request Forgery Token which is required by every form or input on a site Both A and B None of the above - ANSWER Both A and B (B3, Pg170-171) Where should the CSRF tokens be located in to keep a user's session from being vulnerable? - ANSWER The POST Request (B3, Pg172) What is a directory traversal attack? - ANSWER A directory traversal attack is an injection of directory code to try and navigate to a specific directory / file on a computer (B3, Pg172) What is the Directory Traversal vulnerability used for? - ANSWER To read sensitive data within the web application (B3, Pg173) What is the best way to mitigate directory traversal attack? - ANSWER It is to not use user input when making file system calls (B3, Pg175) What is a File Upload Vulnerability? - ANSWER A flaw where the user can upload an arbitrary file to the server and then visit it to execute code (B3, Pg179) What is used to test web applications? NMAP A scanner A Vulnerability Scanner Nothing - ANSWER A Vulnerability Scanner When would you go public with a vulnerability found within a business website? After a patch was released Before the patch is released, after you have discussed it with the business Before you tell the business and you go public immediately Never and use it for your own exploits - ANSWER After the patch was released (B3, Pg186) What is Integer Overflow? - ANSWER Program assumes that a value is always positive, overflow makes signed integer wrap and become negative (B3, Pg190) What is the return pointer? Where the CPU returns to after completing a function Where the CPU goes to next after completing a function Where the CPU goes to after all functions are completed Where the pointer is - ANSWER Where the CPU goes to next after completing a function (B3, Pg202) What is a stack canary? - ANSWER It is a value that sits before the return pointer of the stack. (B3, Pg202) What is Address Space Layout Randomization(ASLR)? - ANSWER A protection that involves randomizing the Memory address that a program gets loaded into each run (B3, Pg205) What is a Format String Vulnerability? - ANSWER It occurs when you run printf in C without a format string (B3, Pg208) How do you mitigate a Format String Vulnerability? - ANSWER Never use printf without a format string (B3, Pg184) What kind of vulnerability is within a FTP Service? Buffer Overflow Integer Overflow Command Injection Nothing it is completely fine - ANSWER Buffer Overflow (B3, Pg227) What is Metasploit? - ANSWER A penetration testing tool used to automatically execute exploits against targeted systems (B3, Pg215) What application is used when running Metasploit? Linux Kali Linux Command Prompt Its got its own application window - ANSWER Kali Linux Why are patch cycles important? - ANSWER To keep all organizations up to date for all technology that it uses to protect them against new and old vulnerabilities (B3, Pg234)Why is end of support for applications or technology important? - ANSWER Because you should never use applications or tech that is no longer supported from developers (B3, Pg235) What is Social Engineering? Where engineering is done publicly B)Where you trick someone into doing something for you that goes against company policy C) Where it is engineering that you can watch D) A Livestream of engineering - ANSWER Where you trick someone into doing something for you that goes against company policy (B3, Pg236) What is Pretexting? The metadata that is created before the text is sent Where you pretend to be someone else over email or phone None of the above Where you are the person you are trying to pretend to be over the phone or email - ANSWER Where you pretend to be someone else over email or phone (B3, Pg237) What is Phishing? An email that encourages people to click on malicious links or download malicious files Where you send out emails to attackers in hopes one clicks on it to report to local police A great outdoor sport None of the above - ANSWER An email that encourages people to click on malicious links or download malicious files (B3, Pg237) What is Spear Phishing? A phishing attack but you have a specific target in mind for the attack Where you go phishing but with a spear instead of a normal bait and hook Where you target a specific attacker with an email or file in hopes they tag it None of the above - ANSWER A phishing attack but you have a specific target in mind for the attack (B3, Pg237) Where do phishing attacks normally strike the most? - ANSWER A legal dept, HR, and the accounting dept (B3, Pg238) What is a Word Macro? - ANSWER A word doc that can host malware (B3, Pg241) What is a Drive By Download attack? Where the attacker compromises a site that their target visits often and installs malware Where the attacker takes over a session in progress from a user Where the attacker drives by the user's house and downloads their files off their local internet None of the above - ANSWER Where the attacker compromises a site that their target visits often and installs malware (B3, Pg246) What is a Credential Harvesting Attack? An attack that relies on an attacker cloning a site and hosting it to have a user logging into and stealing their credentials Where an attacker uses social engineering to view a person's password and username Where the attacker collects and sells usernames on the Dark Web None of the Above - ANSWER An attack that relies on an attacker cloning a site and hosting it to have a user logging into and stealing their credentials (B3, Pg249) What is "CEO Fraud"? How does it work? - ANSWER Posing as a figure higher up in order to get an employee to perform wire transfers via electronic communication What is Privilege Escalation? Where you gain the highest level of access within a system Where you gain a higher privilege in life Where you escalate privilege of a user to meet their needs for work None of the above - ANSWER Where you gain the highest level of access within a system What are some of the ways to perform privilege escalation? Exploiting Services Exploiting the Kernel SUID Files All of the above - ANSWER All of the above (B3, Pg261) What is a Wildcard injection? Where you take advantage of a code but supplementing Wildcards within code Where you use wild cards to help run the command in question Where you use a parameter to run code in a command prompt None of the above - ANSWER Where you take advantage of a code but supplementing Wildcards within the code What is the difference between "sudo" and "su"? There is no difference Sudo is allowed by the admin to run a command while su is to become the admin Su is allowed by the admin to run a command while sudo is to become the admin Sudo is more used in Linux while su is a Kali Linux command - ANSWER Sudo is allowed by the admin to run a command while su is to become the admin (B3, Pg272) What is the highest level of privileges on a Windows machine? Admin User SYSTEM Root - ANSWER SYSTEM (B3, Pg274) What is considered the easiest way to bypass UAC? (User Access Control) To ask the administrator for the permissions To Privilege escalate your user account To become the SYSTEM User None of the above - ANSWER To ask the administrator for the permissions (B1, Pg270) Which packet type is used when a graceful TCP Teardown fails? FIN RST EXIT ACK/FIN - ANSWER RST (B3, Pg135) Which of the following is a likely source of logs for HTTP network traffic data? Layer 2 switch Firewall DNS Server Active Directory Server - ANSWER Firewall (B2, Pg275) Which of the following is a Windows Database of settings for both the operating system and applications? Group Policy User Access Control PowerShell Registry - ANSWER Registry (B3, Pg86-87) A Red Team would use the following command for which purposes? # nmap -vv -sS -p- 10.10.1.1 Identifying open ports that could be used to compromise a host Determining updates needed for the host's asset inventory record Identifying unauthorized open ports to disable on the host Determining version information for services running on the host - ANSWER Identifying open ports that could be used to compromise a host (B1, Pg107) What is the software or firmware platform that hosts a virtual machine called? Guest System Hypervisor Container Operating System - ANSWER Hypervisor (B1, Pg140) Which of the following Linux permissions would allow the owner of a file to read, write, and execute a file while allowing everyone else to read and execute? A)755 B)700 C)644 D)411 - ANSWER 755 (B3, Pg305) In Linux which command will show the mode that the operating system is currently running under? runlevel chkconfig uname systemctl - ANSWER runlevel (B3, Pg21) What feature of HTTPS encryption solves the trust problem in the asymmetric key exchange? The Website's SSL certificate Each visitor providing the same public key Each visitor providing the same private key Unique session IDs - ANSWER The Website's SSL certificate Which of the following can cause a permissions issue on an Apache web server? Setting ownership of /var/www to the www-data user and www-data group Setting file permissions to 644 on the website Setting directory permissions to 755 on the web site Adding www-data user to the server's administrator group - ANSWER Adding www-data user to the server's administrator group (B3, Pg264-265) What file attribute is the penetration tester looking to find using the command below? find / -per -2000 -user root -type f -print 2>/dev/null A)SGID set B)SUID set C) Sticky bit set D) World writable - ANSWER SGID set (B1, Pg300) What protocol is this computer set to use to obtain an IP Address? ICMP B)RDP C)DNS D)IPSec E)DHCP - ANSWER DHCP How does the default setting for User Account Control improve Windows Security? Notifies users of software installation B)Notifies users of changes to system settings C) Approves security significant system changes D) Denies software installation - ANSWER Notifies users of software installation (B3, Pg264) What file attribute is the penetration tester looking to find using the command below? find / -perm -4000 -user root -type f -print 2>/dev/null SUID set SGID set World writable Sticky bit set - ANSWER SUID set (B2, Pg11-12) Code management platforms use pull requests for which purpose? Requesting access to a public repository Pulling main code into a branch Real-Time change tracking in a branch Integrating a branch into the main code - ANSWER Integrating a branch into the main code An administrator types the following command: fileserver2network_toolssoftware$ What are they trying to access? A remote Registry Key A website uniform resource locator A local drive mapping A hidden share on a remote host - ANSWER A hidden share on a remote host (B2, Pg122) What does it mean when a computer program is "multi-threaded"? It calls multiple external libraries It has multiple serial number for different users It can run multiple chunks of code concurrently It has multiple functions defined in the program - ANSWER It can run multiple chunks of code concurrently (B3, Pg162) Which of the following is a common result of a reflected cross-site scripting attack? A)Tricking a user into making an authenticated transaction B)Sending a website user's session cookie to an attacker C) Embedding the attacker's malware in web application source code D) Stealing password hashes from a website's back end database *HINT* It may be under the session guessing section, but if you read further into it, you will see where it mentions XSS attack. - ANSWER Sending a website user's session cookie to an attacker (B3, Pg90) What tool can be used to fingerprint the operating system of a host? A)netstat B)dig C)nslookup D)nmap - ANSWER Nmap (B3, Pg151) What type of vulnerability is illustrated where there is code in the web page? A)File Inclusion B) Clickjacking C)Cross-Site Scripting D) SQL injection *HINT* While it doesn't exactly say "code in the web page", it mentions how you can sometimes view a page that looks like PHP code and how that code can gain you access to the access logs of the server. - ANSWER File Inclusion (B3, Pg88-89) An alert indicates that a compromised host was used by an attacker to run the command below. What was the attacker attempting to do? $ nmap -sS 192.168.10.0/24 A)Map a network drive to a remote host B)Identify services running on network hosts C)Execute a script on a remote host D)Send Spoofed packets to network hosts - ANSWER Identify services running on network hosts What type of artifact can a blue team member use to identify the name that is associated to the file? A)Metadata B)Windows security logs C)Prefetch D)File Ownership - ANSWER Metadata (B3, Pg307-308) What is HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun considered to be? A)Domain Name B)Log File Path C) Registry Key D) Yo Mama's Number - ANSWER A Registry Key (B1, Pg236) If a user agent is used, where would it be found in the HTTP Protocol? A)In the response header B)In the response body C)Delimited by an h1 tag D) In a GET Request - ANSWER In a GET Request What benefit does moving from local logging to using a log server provide organizations? Enables the use of network intrusion detection systems (NIDS) Harder for attackers to overwrite logs Attackers will have to pivot through an extra server to infiltrate the network D)Less complex logging infrastructure - ANSWER Harder for attackers to overwrite logs (B3, Pg187) What is the only way to mitigate an integer overflow/underflow? Takin the absolute value of negative results prior to running the equation Checking that the result of any change to a signed integer falls within an allowed range Randomizing salt values prior to hashing user content Sanitizing user input to block special characters from being entered - ANSWER Checking that the result of any change to a signed integer falls within an allowed range (B2, Pg17) Which Variable name will cause Python to produce an error? A)2nd_phone_number B)LASTNAM_ C)streetAddress D)_firstname