最新的GIAC Information Security認證 GCFE考試題庫

問題1

Which of the following browser artifacts can help identify the websites visited by a user?

A. Places.sqlite

B. Security certificates

C. Firewall settings

D. Network configuration files

正確答案: A

問題2

How can the analysis of browser sync data aid in forensic investigations?

A. It can reveal user preferences across devices.

B. It includes information about system errors.

C. It shows changes in system security settings.

D. It provides data about external media connected.

正確答案: A

問題3

How do forensic analysts use the information from 'system snapshots' in their investigations?

A. They monitor the performance of hardware components.

B. They log the installation of mobile apps.

C. They provide a backup of user emails.

D. They provide a historical view of the system, which can be useful for identifying changes made over time, including malware installation or unauthorized modifications.

正確答案: D

問題4

Why is live data acquisition important in some forensic investigations?

A. It captures volatile data like RAM contents, which can be lost on shutdown

B. It speeds up the forensic imaging process

C. It helps recover data after a system crash

D. It logs hardware changes

正確答案: A

問題5

Which artifacts are essential for identifying URLs that were typed manually by a user during a browsing session? (Choose Two)

A. Cache files

B. System log files

C. Form history

D. Autocomplete files

正確答案: C,D

問題6

Which event log would be most useful for understanding application failures or crashes? (Choose Two)

A. Application log

B. Setup log

C. System log

D. Forwarded Events log

正確答案: A,C

問題7

What role do 'system snapshots' play in forensic analysis of file activities?

A. They track changes in user interface themes.

B. They detail the network security protocols in use.

C. They provide a historical view of the system at various points, helping to identify changes over time.

D. They log user login attempts and durations.

正確答案: C

問題8

You are tasked with collecting evidence from a running system suspected of being involved in a cyberattack. Which steps should you prioritize to preserve volatile data while ensuring data integrity? (Choose three)

A. Use a write blocker when imaging hard drives

B. Defragment the hard drive for better performance

C. Capture RAM contents using a live acquisition tool

D. Document the chain of custody for all collected evidence

E. Shutdown the system to avoid further changes

正確答案: A,C,D

問題9

A forensic investigator is analyzing a Windows system suspected of containing malware. The user claims they did not install any suspicious programs. Which artifacts would you analyze to confirm or refute this claim? (Choose three)

A. Master File Table (MFT)

B. Application error logs

C. Recycle Bin contents

D. Prefetch files

E. System log

正確答案: A,B,D

問題10

During a forensic investigation, you need to reconstruct a user's browsing history from Firefox.
The user is suspected of accessing unauthorized sites, but they have cleared their history. Which artifacts would you examine to retrieve evidence of their browsing activities? (Choose three)

A. Places.sqlite

B. Cache files

C. Prefs.js

D. Cookies.sqlite

E. Form history

正確答案: A,B,E

問題11

What is the significance of analyzing prefetch files during forensic investigations on Windows systems?

A. To monitor USB device connections

B. To identify recently executed programs

C. To detect changes in user permissions

D. To track network activity

正確答案: B

問題12

What type of information does the analysis of Flash cookies (LSOs) typically yield in browser forensics?

A. Data about downloaded files

B. Hardware configuration

C. User settings and preferences on various websites

D. Security certificates used

正確答案: C

問題13

What type of information does the analysis of API call logs from cloud storage providers typically yield?

A. Logs of user-generated system errors

B. Data on file access requests and changes made via applications

C. Information on hardware configurations used

D. Details about user interface customizations

正確答案: B

問題14

What does analyzing the 'registry hives' reveal in the context of system analysis?

A. It tracks the installation of network adapters.

B. It details the frequency of password changes.

C. It logs user interactions with cloud storage services.

D. It provides insights into user configurations and installed software, which can be crucial in understanding system usage patterns.

正確答案: D

最新的GIAC Forensics Examiner Practice Test - GCFE免費考試真題

最新更新

站內鏈接

聯系我們