GIAC Certified Forensics Analyst - GCFA Exam Practice Test

Which of the following types of evidence is a collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
Correct Answer: A
Which of the following statements best describes the consequences of the disaster recovery plan test?
Correct Answer: C
Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?
Correct Answer: B,C
Sandra wants to create a full system state backup of her computer, which is running the Microsoft Windows XP operating system. Which of the following is saved in a full system state backup?
Each correct answer represents a complete solution. Choose all that apply.
Correct Answer: B,C,D
Which of the following directories cannot be placed outside the root filesystem?
Each correct answer represents a complete solution. Choose all that apply.
Correct Answer: A,B,D
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
Correct Answer: D
Which of the following hardware devices prevents broadcasts from crossing over subnets?
Correct Answer: B
Which of the following types of firewall ensures that the packets are part of the established session?
Correct Answer: A