GFACT Review Exam 2024| GFACT Exam Update 2024 -2025 Questions and Correct Answers Rated A+ How is integer overflow/underflow mitigated? -ANSWER -Checking that the result of any change to a signed integer falls within an allowed range. In which file are password hashes stored on a modern Linux system? -ANSWER -/ect/shadow Which of the following is a network load balancer function? -
ANSWER -Load balancers are a service that distribute traffic evenly across multiple containers or instances. A CDN distributes content based on location. A reverse proxy forwards requests to backend hosts. A container service such as ECS manages and scales containers to meet demand. Network Load Balancer -ANSWER -Used to route TCP or UDP traffic. Application Load Balancer -ANSWER -Used to route HTTP or HTTPS What can an Apache server administrator do to prevent version information from leaking? A) Run Apache as a non -root user B) En able HTTPS C) Set permission on /var/www/html to 700 D) Disable the banner -ANSWER -Disable the Banner Depending on the webserver, Apache or Nginx will output their version number and some basic configuration information. For example, in Apache this is cal led the 'signature'. This information can be valuable to attackers as it can leak what the specified version is running on the server. This specified version may be vulnerable to a specific exploit. What can be inferred from the following Linux terminal c ommand? bobuser@ubuntu: ~$ sudo cat /ect/passwd -ANSWER -A normal account is attempting to view contents of a file with root privileges What is the process of preserving and evaluating electronic data in order to reconstruct prior events? -ANSWER -Digital Forensics Which computer component manages ongoing access to a computer's shared RAM and drive storage resources? -ANSWER -Kernel The K ernel is responsible for loading programs, handling input and output between peripherals, and managing access to the computers shared hardware resources Which of the following describes the files store under /etc folder in Linux? -ANSWER -Configuration Dat a Which of the following programming languages is commonly used for website development? -ANSWER -JavaScript Other languages used for website: PHP Python JAVA Perl ASP Ruby Go What is found at the bottom of a stack frame when a function is called? -ANSWE R-Return Pointer During which stage of incident response might a mass password reset for every account on the network be performed? -ANSWER -Recovery Which assembly register keeps track of the next instruction code to execute? -ANSWER -EIP What type of at tack is being attempted with the below URL? http://www.theforce.org/view.php?page=%2e%2e%2f%2e%2e%2fpro
c/mounts -ANSWER -Directory Traversal The URL is attempting to naviagate to ../../../proc/mounts which is a Directory Traversal attack. This takes advantage of a flaw which allows an attacker to move outside the normal path. Which feature or a CPU enables it to offer the user access to multip le applications at the same time, even while executing a single instruction at a time. -ANSWER -Context Switching Allows a single processor to appear to perform several processes at once. The clock speed and ALU type are irrelevant and the number of cores allows multiple instruction to be executed at a time Function of Linux command: uname -a -ANSWER -Used to determine the kernel version of the local operating system. Function of C command: gcc -ANSWER -Used to compile C code Function of Linux command: chkc onfig -ANSWER -Used to view and manipulate services Function of Linux command: runlevel -ANSWER -change the current run level in Linux How does DKIM reduce email spoofing? -ANSWER -Receiver validates signature using sender's public key On a Windows server, where can a system admin access potential troubleshooting logs? -ANSWER -Event viewer When a new file is created on a Windows system, how are permissions determined? -ANSWER -Permissions are inherited from the parent folder A Blue Team has disabled unauth orized DNS zone transfers on the organizations DNS servers. What method should a Red Team use to identify valid subdomain? -ANSWER -Run an enumeration tool with a wordlist against the server. If you cant do a DNS zone transfer, which you usually cant, the next best thing is to try to enumerate DNS records using a wordlist. Ex. DNSMap What file attributes is the penetration tester looking to find using the command below?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller paulynmugo. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $23.59. You're not tied to anything after your purchase.