Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home GIAC GASF

GIAC GASF Exam Practice Questions (P. 5)

  • Full Access (71 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Which of the following can most forensics tools crack on an iOS device?
  1. A
    Touch (fingerprint) ID
  2. B
    Simple passcode
  3. C
    Passphrase

Correct Answer:
B

Question #22
Which cloud based system can be utilized by Android owners to backup user data?
  1. A
    Amazon Web Services (AWS)
  2. B
    Samsung Kies
  3. C
    Android Device Manager
  4. D
    Google

Correct Answer:
D
Reference:
https://developer.android.com/guide/topics/data/backup.html

Question #23
Analyze the two tables (Albums and Photos) provided from the Facebook database on an Android device located at the path: /data/data/com.facebook.katana/ databases/fb.db.
Which photo was added to Facebook by the user of the device?

  1. A
    106716779501997_1073741827
  2. B
    100003042564055_1073741835
  3. C
    100005241790123_1073741832
  4. D
    100006274086300_1073741835

Correct Answer:
D
Examination of the first table shows user activity related to Cover photos. Mobile uploads and Profile pictures leading to the conclusion that user
100006274086300, is the owner of the device. In the second table, examine the pictures IDs resident in the database. Only one photo shares the Facebook ID that matches the ID of the assumed device owner.

Question #24
Which file will indicate if Siri was active on an iOS device?
  1. A
    private/var/Library/Preferences/com.apple.suggestions.plist
  2. B
    private/var/Library/SpringBoard/PushStore/com.apple.reminders.pushstore
  3. C
    private/var/Library/Preferences/com.apple.SpeakSelection.plist
  4. D
    private/var/Library/Preferences/com.apple.SiriViewService.plist

Correct Answer:
B
The first step in searching for traces of Siri use should be to validate if the user was using Siri. To do this, simply search for iSiri in the tool or navigate to Library/Prefernces/com.apple.SiriViewService.plist. If active, this status will be reflected in the plist file as "StatusActive." Siri stores information in the common files related to each task (calendar.sqlitedb, call_history.db, etc.)

Question #25
Which of the following is one potential risk of using the ALWAYS OFF rule for handling cell phones?
  1. A
    Overwriting data
  2. B
    Engaging password or PIN protection mechanism
  3. C
    Destruction of call logs and cell tower information
  4. D
    Improper handling by the user

Correct Answer:
A

Previous Questions Next Questions

All Pages