Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home GIAC GASF

GIAC GASF Exam Practice Questions (P. 2)

  • Full Access (71 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #6
An analyst investigating a Nokia S60 Symbian device wants to know if an Adobe Flash file on the handset is compromised. Which file in the image will best target the Adobe Flash files?

  1. A
    FLASHLITE.sis
  2. B
    flashliteplugin.r03
  3. C
    saflash.r01
  4. D
    OnlinePrint.sis

Correct Answer:
A
A sis.file is the package that Symbian uses to install applications on their OS compatible handsets. Knowing that you are investigating an application that is installed on the handset, first narrowing the files down to installer packages, or *.sis files, is a good starting point. Flash is an Adobe product making the most logical of the two remaining* .sis files for review, the FLASHLITE installer package. There are several other files related to "Flash" but as resource files, they provide supporting documentation and will not contain the .app file or code that was possibly malicious.

Question #7
As part of your analysis of a legacy BlackBerry device, you examine the installed applications list and it appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?
  1. A
    BlackBerry NV Items
  2. B
    Content Store
  3. C
    Event logs
  4. D
    BBThumbs.dat

Correct Answer:
C
Analyzing both the Event Logs (which are accessible in Oxygen Forensic Suite) and/or the Installed Applications (which is a feature available in
Cellebrite Physical Analyzer) may lead you to additional data. If applications of interest were located in the Event Logs, a Keyword Search across the media may reveal more data related to the application.

Question #8
Which artifact must be carved out manually when examining a file system acquisition of an Android device?
  1. A
    Deleted images
  2. B
    Contacts
  3. C
    SMS messages
  4. D
    Phone numbers

Correct Answer:
C

Question #9
When conducting forensic analysis of an associated media card, one would most often expect to find this particular file system format?
  1. A
    HFS
  2. B
    NTFS
  3. C
    Yaffs2
  4. D
    FAT

Correct Answer:
D

Question #10
Cellebrite Physical Analyzer uses Bit Defender to scan for malware by flagging files who have known bad hash values. This is an example of which type of mobile malware detection?
  1. A
    Specific-based malware detection
  2. B
    Signature-based detection
  3. C
    Behavioral-based detection
  4. D
    Cloud based malware detection

Correct Answer:
B
Reference:
https://security.stackexchange.com/questions/95186/what-is-the-precise-difference-between-a-signature-based-vs-behavior-based-antiv

Previous Questions Next Questions

All Pages