GFACT CERTIFICATION EXAM LATEST VERSION 2024-2025 ACTUAL
EXAM COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS
Study online at https://quizlet.com/_fphxha
(B2, Pg122) What does it mean when a
computer program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for differ- It can run multiple chunks of code con-
ent users currently
C) It can run multiple chunks of code
concurrently
D) It has multiple functions defined in the
program
(B3, Pg162) Which of the following is a
common result of a reflected cross-site
scripting attack?
A)Tricking a user into making an authen-
ticated transaction
B)Sending a website user's session
cookie to an attacker
Sending a website user's session cookie
C) Embedding the attacker's malware in
to an attacker
web application source code
D) Stealing password hashes from a
website's back end database
*HINT* It may be under the session
guessing section, but if you read further
into it, you will see where it mentions
XSS attack.
(B3, Pg90) What tool can be used to fin-
gerprint the operating system of a host?
A)netstat Nmap
B)dig
C)nslookup
D)nmap
(B3, Pg151) What type of vulnerability is
illustrated where there is code in the web
page?
, GFACT CERTIFICATION EXAM LATEST VERSION 2024-2025 ACTUAL
EXAM COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS
Study online at https://quizlet.com/_fphxha
A)File Inclusion
B) Clickjacking
C)Cross-Site Scripting
D) SQL injection
File Inclusion
*HINT* While it doesn't exactly say "code
in the web page", it mentions how you
can sometimes view a page that looks
like PHP code and how that code can
gain you access to the access logs of the
server.
(B3, Pg88-89) An alert indicates that a
compromised host was used by an at-
tacker to run the command below. What
was the attacker attempting to do?
$ nmap -sS 192.168.10.0/24
Identify services running on network
hosts
A)Map a network drive to a remote host
B)Identify services running on network
hosts
C)Execute a script on a remote host
D)Send Spoofed packets to network
hosts
What type of artifact can a blue team
member use to identify the name that is
associated to the file?
Metadata
A)Metadata
B)Windows security logs
C)Prefetch
D)File Ownership
(B3, Pg307-308) What is
HKEY_LOCAL_MACHINE\Software\Mi-
crosoft\Windows\CurrentVersion\Run A Registry Key
considered to be?
, GFACT CERTIFICATION EXAM LATEST VERSION 2024-2025 ACTUAL
EXAM COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS
Study online at https://quizlet.com/_fphxha
A)Domain Name
B)Log File Path
C) Registry Key
D) Yo Mama's Number
(B1, Pg236) If a user agent is used,
where would it be found in the HTTP
Protocol?
In a GET Request
A)In the response header
B)In the response body
C)Delimited by an h1 tag
D) In a GET Request
What benefit does moving from local log-
ging to using a log server provide orga-
nizations?
A) Enables the use of network intrusion
Harder for attackers to overwrite logs
detection systems (NIDS)
B) Harder for attackers to overwrite logs
C) Attackers will have to pivot through an
extra server to infiltrate the network
D)Less complex logging infrastructure
(B3, Pg187) What is the only way to mit-
igate an integer overflow/underflow?
A) Takin the absolute value of negative
results prior to running the equation
Checking that the result of any change to
B) Checking that the result of any change
a signed integer falls within an allowed
to a signed integer falls within an allowed
range
range
C) Randomizing salt values prior to
hashing user content
D) Sanitizing user input to block special
characters from being entered
(B2, Pg17) Which Variable name will
cause Python to produce an error?
, GFACT CERTIFICATION EXAM LATEST VERSION 2024-2025 ACTUAL
EXAM COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS
Study online at https://quizlet.com/_fphxha
A)2nd_phone_number
B)LASTNAM_
C)streetAddress
D)_firstname
2nd_phone_number
*HINT* You can start a variable name
with a letter or an underscore, but NOT
WITH A NUMBER!
What is the following command attempt-
ing to accomplish in Kali Linux?
dnsmap myfakedomain.local -w
/usr/share/wordlists/dnsmap.txt
Search for subdomains based upon the
A)Search for subdomains based upon
wordlist provided
the wordlist provided
B) Check for users based on the wordlist
provided
C)Run checks on the applications based
on the wordlist provided
D)Call yo mama
(B3, Pg121) How do you remove data
from a Solid State Drive?
A) Destroy it Destroy it
B) Place Magnets upon it
C) Snap it
D) Yo mama sit on it
(B3, Pg56) Where are the wordlists locat-
ed in Kali?
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller ProLabs. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $24.99. You're not tied to anything after your purchase.
