GIAC Certified Forensic Analyst

Here you have the best GIAC GCFA practice exam questions

  • You have 318 total questions across 64 pages (5 per page)
  • These questions were last updated on March 5, 2026
  • This site is not affiliated with or endorsed by GIAC.
Question 1 of 318

Adam, a malicious hacker, has successfully gained unauthorized access to the Linux system of Umbrella Inc. The company's web server runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting:

    for (( i = 0;i<11;i++ )); do
    dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
    done

Which of the following actions does Adam want to perform by the above command?
Answer

Suggested Answer

The suggested answer is C.

The command Adam ran consists of a loop executing two 'dd' commands repeatedly. The first 'dd' command writes random data from /dev/random to the entire hard disk (/dev/hda), and the second 'dd' command writes zeros from /dev/zero to the same hard disk. This is a method to thoroughly wipe the contents of the hard disk by overwriting the data multiple times, making any previously stored information irrecoverable.

Question 2 of 318

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. He has been assigned a project to investigate the case of a disloyal employee who is suspected of stealing garment designs that belong to the company and selling garments of the same design under a different brand name. Adam found that the company does not have any policy related to the copying of garment designs. He also found that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?
Answer

Suggested Answer

The suggested answer is A.

Trademark law protects the use of words, symbols, or logos that identify and distinguish the source of goods or services. In this situation, the employee's use of a nearly identical trademark is likely to create confusion among consumers, leading them to believe that the employee's garments are associated with the company. Therefore, the appropriate ground for prosecution is trademark law.

Question 3 of 318

You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools?
Answer

Suggested Answer

The suggested answer is B.

In Windows 98, the default folder used to keep the registry tools is the $SYSTEMROOT$WINDOWS directory. This is because, by default, the registry files like SYSTEM.DAT and USER.DAT, which store the configuration settings, are located in the Windows directory.

Community Votes: 1 vote, 100% for B (suggested)

Question 4 of 318

Which of the following tools can be used to perform tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing?
Answer

Suggested Answer

The suggested answer is D.

Cain is a versatile tool that can be used for Windows password cracking, Windows enumeration, and VoIP session sniffing. It is known for its wide range of functionalities in network security and penetration testing.

Community Votes: 1 vote, 100% for D (suggested)

Question 5 of 318

Which of the following types of file systems is not supported by the Linux kernel?
Answer

Suggested Answer

The suggested answer is C.

The Linux kernel supports the vFAT, NTFS, and FAT32 file systems. vFAT and FAT32 are variations of the FAT file system, and Linux has built-in support for them. NTFS is supported by the Linux kernel starting from version 5.15 with the inclusion of Paragon Software’s NTFS3 driver. HFS (Hierarchical File System), on the other hand, is an older file system used primarily by Mac OS and is not supported natively by the Linux kernel.

Community Votes: 3 votes, 100% for C (suggested)
