GIAC Certified Forensic Analyst

Here you have the best GIAC GCFA practice exam questions

  • You have 30 total questions to study from
  • These questions were last updated on May 13, 2025
  • This site is not affiliated with or endorsed by GIAC.

Question 1 of 30

Adam, a malicious hacker, has successfully gained unauthorized access to the Linux system of Umbrella Inc. The company's Web server runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting:

    for (( i = 0;i<11;i++ )); do
    dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
    done

Which of the following actions does Adam want to perform by the above command?

    Correct Answer: C

    The command Adam ran consists of a loop executing two 'dd' commands repeatedly. The first 'dd' command writes random data from /dev/random to the entire hard disk (/dev/hda), and the second 'dd' command writes zeros from /dev/zero to the same hard disk. This is a method to thoroughly wipe the contents of the hard disk by overwriting the data multiple times, making any previously stored information irrecoverable.

Question 2 of 30

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. He has been assigned a project to investigate a disloyal employee who is suspected of stealing the designs of garments that belong to the company and selling garments of the same design under a different brand name. Adam found that the company does not have any policy related to the copying of garment designs. He also found that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

    Correct Answer: A

    Trademark law protects the use of words, symbols, or logos that identify and distinguish the source of goods or services. In this situation, the employee's use of a nearly identical trademark is likely to create confusion among consumers, leading them to believe that the employee's garments are associated with the company. Therefore, the appropriate ground for prosecution is trademark law.

Question 3 of 30

You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools?

    Correct Answer: B

    In Windows 98, the default folder used to keep the registry tools is the $SYSTEMROOT$WINDOWS directory. This is because, by default, the registry files like SYSTEM.DAT and USER.DAT, which store the configuration settings, are located in the Windows directory.

Question 4 of 30

Which of the following tools can be used to perform tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing?

    Correct Answer: D

    Cain is a versatile tool that can be used for Windows password cracking, Windows enumeration, and VoIP session sniffing. It is known for its wide range of functionalities in network security and penetration testing.

Question 5 of 30

Which of the following types of file systems is not supported by the Linux kernel?

    Correct Answer: C

    The Linux kernel supports the vFAT, NTFS, and FAT32 file systems. vFAT and FAT32 are variations of the FAT file system, and Linux has built-in support for them. NTFS is supported by the Linux kernel starting from version 5.15 with the inclusion of Paragon Software’s NTFS3 driver. HFS (Hierarchical File System), on the other hand, is an older file system used primarily by Mac OS and is not supported natively by the Linux kernel.