GFACT Certification Exam 160 Questions Complete with Correct Answers Update Graded A+++

GFACT Certification Exam 160 Questions

Complete with Correct Answers 2023-

2024 Update Graded A+++

Which command string will display information about the "kirk: user on a

Windows system?

A) net user kirk

B) netsh user kirk

C) net /info kirk

D) netsh /info kirk

net user kirk

What does it mean when a computer program is "multi-threaded"?

A) It calls multiple external libraries

B) It has multiple serial number for different users

C) It can run multiple chunks of code concurrently

D) It has multiple functions defined in the program

It can run multiple chunks of code concurrently

What is Pretexting?

A) The metadata that is created before the text is sent

B) Where you pretend to be someone else over email or phone

C) None of the above

D) Where you are the person you are trying to pretend to be over the phone or

email

Where you pretend to be someone else over email or phone

A security analyst tells an investigator that they know a specific employee sent a

message leaking proprietary information because of the type of encryption used by

that employee to protect it. What feature of encryption provides the analyst with

this certainty that this employee sent the message?

A) Non-repudiation

B) Confidentiality

C) Integrity

D) Availability

Non-repudiation

Which of the following risk areas are targeted by DDoS attacks?

A) Confidentiality

B) Integrity

C) Encryption

D) Availability

Availability

Which component of Docker builds, runs, and delivers containers?

A) Daemon

B) Image

C) Hub

D) Client

Daemon

If malicious software (malware) infects a computer, at which level does it require

the most effort to detect and remove?

A) Kernel

B) System libraries

C) Application code

D) Local user file

Kernel

Which of the following is a common result of a reflected cross-site scripting

attack?

A) Tricking a user into making an authenticated transaction

B) Sending a website user's session cookie to an attacker

C) Embedding the attacker's malware in web application source code

D) Stealing password hashes from a website's back end database

Sending a website user's session cookie to an attacker

What tool can be used to fingerprint the operating system of a host?

A)netstat

B)dig

C)nslookup

D)nmap

Nmap

What type of vulnerability is illustrated where there is code in the web page?

A) File Inclusion

B) Clickjacking

C) Cross-Site Scripting

D) SQL injection

File Inclusion

An alert indicates that a compromised host was used by an attacker to run the

command below. What was the attacker attempting to do?

$ nmap -sS 192.168.10.0/24

A) Map a network drive to a remote host

B) Identify services running on network hosts

C) Execute a script on a remote host

D) Send Spoofed packets to network hosts

Identify services running on network hosts

What type of artifact can a blue team member use to identify the name that is

associated to the file?

A)Metadata

B)Windows security logs

C)Prefetch

D)File Ownership

Metadata

What is

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

considered to be?

A)Domain Name

B)Log File Path

C) Registry Key

A Registry Key

If a user agent is used, where would it be found in the HTTP Protocol?

A)In the response header

B)In the response body

C)Delimited by an h1 tag

D) In a GET Request

In a GET Request

What benefit does moving from local logging to using a log server provide

organizations?

A) Enables the use of network intrusion detection systems (NIDS)

B) Harder for attackers to overwrite logs

C) Attackers will have to pivot through an extra server to infiltrate the network

D)Less complex logging infrastructure

Harder for attackers to overwrite logs

What is the only way to mitigate an integer overflow/underflow?

A) Takin the absolute value of negative results prior to running the equation

B) Checking that the result of any change to a signed integer falls within an

allowed range

C) Randomizing salt values prior to hashing user content

D) Sanitizing user input to block special characters from being entered