Download GFACT CERTIFICATION EXAM NEWEST EXAM 2025 | ALL QUESTIONS AND CORRECT ANSWERS | VERIFIED and more Exams Programming Languages in PDF only on Docsity!
GFACT CERTIFICATION EXAM NEWEST EXAM 2025 |
ALL QUESTIONS AND CORRECT ANSWERS |
VERIFIED ANSWERS | LATEST VERSION | ALREADY
GRADED A+
If you run the command "Python" on a Linux system where it is installed, what will happen? A)Python will list all currently installed libraries and modules B) The computer will run Python in the background upon reboot C) The operating system will prompt you for a Python code file to open D) An interactive console will open for writing simple Python code --------- CORRECT ANSWER-----------------An interactive console will open for writing simple Python code A Web application is configured to validate a unique token value for each submitted user request. What threat is being mitigated? A) Local file inclusion B) Cross site request forgery C) Drive-by downloads D) Command injection ---------CORRECT ANSWER-----------------Cross site request forgery In the Python programming language, cast_list, shown below, is which of the following? A) Dictionary B) Tuple C) Array D) List ---------CORRECT ANSWER-----------------Dictionary
Which of the following is the name given to the behaviors that objects have in object oriented programming? A) Methods B) Functions C) Modules D) Procedures ---------CORRECT ANSWER-----------------Methods Which of the following services would be a target for privilege escalation? 1: Microsoft Office Click-to-Run Service "C:\Program Files\Common Files\ Microsoft Shared\ClickToRun\OfficeClickToRun.exe" 2: CodeMeter Runtime Server C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe 3: TP AutoConnect Service "C:\Program Files\VMWare\VMware Tools\TPAutoConnsvc.exe" Manual A) Microsoft Office Click To Run Service B) CodeMeter Runtime Server C) TP AutoConnect Service D) Yo Mama ---------CORRECT ANSWER-----------------CodeMeter Runtime Server In both the TCP handshake and teardown, the ACK number increases by one. How much data is being sent? A) Zero bytes B) Two bytes C) One byte D) Three bytes ---------CORRECT ANSWER-----------------Zero bytes
What attack is the administrator addressing with the techniques described above? A) SQL injection B) Cross-Site request forgery C) Cross-Site scripting D) Directory traversal E) Clickjacking ---------CORRECT ANSWER-----------------Clickjacking How do prepared statements help prevent SQL injection attacks? A) Query parameters are sent in the body of a POST request B) Queries are appended with an authorization token C) Query language is kept separate from user supplied data D) Queries submitted by users are HTML entity encoded ---------CORRECT ANSWER-----------------C) Query language is kept separate from user supplied data If the user agent is used, where would it be found in the HTTP protocol? A) In the response body B)In the response header C) Delimited by an h1 tag D) In a GET Request ---------CORRECT ANSWER-----------------In a GET Request A web application is configured to validate a unique token value for each submitted user request. What threat is being mitigated? A)Local file inclusion B) Cross Site request forgery C)Drive-By downloads D) Command injection ---------CORRECT ANSWER-----------------Cross Site request forgery
Which exploit takes advantage of a web-page field that does not validate input? A) Session hijacking B) command injection C)Password cracking D) Steganography ---------CORRECT ANSWER-----------------Command injection Which computer component manages ongoing access to a computer's shared RAM and drive storage resources? A)Memory Registers B)BIOS C)Kernel D)Bootloader ---------CORRECT ANSWER-----------------Kernal What Windows configuration utility can be used by a local administrative user to create an account which requires the password to be reset upon first login? A) Dynamic Host Configuration Protocol B) Family & Other People Control Panel C) Local Users Management Console D) User Account Control (UAC) ---------CORRECT ANSWER----------------- Local Users Management Console When is a software interrupt issued by a computer? A) When a user switches from one visible program to another in the GUI B) When power is suddenly cut off the CPU
Consider the TCP communication between two computers shown below. What will computer A do following Computer B's response? Computer A sends 20 bytes of data Computer B responds with Computer A's acknowledgment number + 15 A)Send a FIN packet to close the connection B) Send the missing five bytes C)Resend the entire packet D)Ask computer B what bytes are missing ---------CORRECT ANSWER----- ------------Resend the entire packet A user adds a new directory to a Linux system's $PATH environment variable, #export $PATH=$PATH:new_dir. What action will cause the updated $PATH variable change back to the original value? A)Closing and re-opening the terminal B)Running the command "rm $PATH" C) Echoing the $PATH to /dev/null ---------CORRECT ANSWER--------------- --Closing and reopening the terminal What does it mean when a computer program is "multi-threaded"? A) It calls multiple external libraries B) It has multiple serial number for different users C) It can run multiple chunks of code concurrently D) It has multiple functions defined in the program ---------CORRECT ANSWER-----------------It can run multiple chunks of code concurrently Which of the following is a common result of a reflected cross-site scripting attack? A)Tricking a user into making an authenticated transaction B)Sending a website user's session cookie to an attacker
C) Embedding the attacker's malware in web application source code D) Stealing password hashes from a website's back end database --------- CORRECT ANSWER-----------------Sending a website user's session cookie to an attacker What tool can be used to fingerprint the operating system of a host? A)netstat B)dig C)nslookup D)nmap ---------CORRECT ANSWER-----------------Nmap What type of vulnerability is illustrated where there is code in the web page? A)File Inclusion B) Clickjacking C)Cross-Site Scripting D) SQL injection ---------CORRECT ANSWER-----------------File Inclusion An alert indicates that a compromised host was used by an attacker to run the command below. What was the attacker attempting to do? $ nmap - sS 192.168.10.0/ A)Map a network drive to a remote host B)Identify services running on network hosts C)Execute a script on a remote host D)Send Spoofed packets to network hosts ---------CORRECT ANSWER----- ------------Identify services running on network hosts
D)Less complex logging infrastructure ---------CORRECT ANSWER----------- ------Harder for attackers to overwrite logs What is the only way to mitigate an integer overflow/underflow? A) Takin the absolute value of negative results prior to running the equation B) Checking that the result of any change to a signed integer falls within an allowed range C) Randomizing salt values prior to hashing user content D) Sanitizing user input to block special characters from being entered ------ ---CORRECT ANSWER-----------------Checking that the result of any change to a signed integer falls within an allowed range Which Variable name will cause Python to produce an error? A)2nd_phone_number B)LASTNAM_ C)streetAddress D)_firstname ---------CORRECT ANSWER-----------------2nd_phone_number What is the following command attempting to accomplish in Kali Linux? dnsmap myfakedomain.local - w /usr/share/wordlists/dnsmap.txt A)Search for subdomains based upon the wordlist provided B) Check for users based on the wordlist provided C)Run checks on the applications based on the wordlist provided D)Call yo mama ---------CORRECT ANSWER-----------------Search for subdomains based upon the wordlist provided How do you remove data from a Solid State Drive?
A) Destroy it B) Place Magnets upon it C) Snap it D) Yo mama sit on it ---------CORRECT ANSWER-----------------Destroy it Where are the wordlists located in Kali? A)/var/opt/wordlists B)/etc/default/wordlists C)/etc/security/wordlists D)/var/adm/wordlists E)/usr/share/wordlists ---------CORRECT ANSWER----------------- /usr/share/wordlists What is the outcome of the command below? ps aux | grep - i sshd | grep root A) Enabling logging for all root logins for the ssh service B)Terminating the secure shell service C)List of secure shell processes running under the root user D)Starting up the ssh service as the root user ---------CORRECT ANSWER- ----------------List of secure shell processes running under the root user When would a security analyst create a "TCP Socket" in a Python Program? A) When scanning the host computer for malicious software B) When creating a script to run against a network service C) When collecting information about the host computer's hardware D) When the host is running network services in the background during Python program execution ---------CORRECT ANSWER-----------------When creating a script to run against a network service
When a new File is created what permissions are inherited? A) Parent Folder B) You set them when you open the folder C) Root Permissions D) Default File Permissions ---------CORRECT ANSWER----------------- Parent Folder What command will generate a makefile that is tuned to the system that it is installed to? A)source makefile.am B)source configure.in C) ./install-sh D) ./configure ---------CORRECT ANSWER-----------------./configure What might a captcha do to a scanner? A) Redirect the scanner to the same page in a loop B) Proceed to the website as per normal C) Shut the scanner down D) Lock you out of the website ---------CORRECT ANSWER----------------- Redirect the scanner to the same page in a loop The user starts Microsoft Word and clicks File | Open. What does word do as a result? A) Generates a software interrupt B) Loads the Kernal C) Opens the appropriate output HID
D) Yo Mama ---------CORRECT ANSWER-----------------Generates a software interrupt What attack is being attempted by the command shown below? root@kali: ~/target# dirb https:www.sans.org /usr/share/wordlists/dirb/small.txt A) Dictionary attack against known user accounts on a website B) Dictionary attack against unknown user accounts on a website C) Search for valid accounts using a wordlist against a website D) Search for directories not link to public areas of a website --------- CORRECT ANSWER-----------------Search for directories not linked to public areas of a website Where is the data from the GDB output shown in the image stored on the host? A) Master Boot Record B) BIOS C) CPU D) Random Access Memory ---------CORRECT ANSWER-----------------CPU What command is used to generate lists of images that are stored locally and provides arguments for handling them? A) docker images B) docker pull C) docker run D) vi Dockerfile E) docker ps ---------CORRECT ANSWER-----------------docker images
Which of the follow C:\Windows\System32 subdirectories may provide stored credentials from unattended installs? A) Restore B) Boot C) Sysprep D) Dism ---------CORRECT ANSWER-----------------Sysprep Which of the following is one of the four User Account Control (UAC) settings on a Windows system? A) Access this compute from the network B) Full control C) Run as Administrator D) Always Notify ---------CORRECT ANSWER-----------------Always notify What HTTP protocol request asks a web server to retrieve metadata without the data? A) PUT B) HEAD C) GET D) POST ---------CORRECT ANSWER-----------------HEAD What command will change your directory to the current home folder? A) cd ~ B) cd .. C) cd // D) cd Yo Mama ---------CORRECT ANSWER-----------------cd ~
What does the home folder contain? A) The user directories for every user other than the root B) All directories under the Windows machine C) The specific user's directory D) Yo Mama ---------CORRECT ANSWER-----------------The user directories for every user other than the root Examine the list from a Python program below. Which statement will display Oregon? PNW_states = [ 'Washington' , 'Oregon' , 'Idaho' , 'Montana' , 'Wyoming' ] A) print(PNW_states[2]) B) print(PNW_states(2)) C) print(PNW_states[1]) D) print(PNW_states[0][2]) ---------CORRECT ANSWER----------------- print(PNW_states[1]) When a program runs on a computer, it temporaily loads code into memory that contains information about the program. The code is deleted when the program is closed. What is the instance of this code called? A) Process B) Kernel C) BIOS D) Application Hint: Every time you run a program on your computer, a "BLANK" is created in memory. When you close the program, the "BLANK" is killed. ---- -----CORRECT ANSWER-----------------Process What is a requirement for cross-site request forgery to work?
CVE- 2019 - 9874: Deserialization of Untrusted Data in the Sitecore.Security.AnitCSRF (aka anti CSRF) module in Sitecore CMS 7. to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. A) RCE B) Heap corruption C) Information disclosure D) Buffer over-read E) File Inclusion F)SQLi Hint: "Blank" bugs allow an attacker to achieve "arbitrary code execution." This, in effect, allows them to assume control of a target system. They can come in many flavors but are often seen as the most high-risk category of attack. ---------CORRECT ANSWER-----------------RCE Which buffer overflow mitigation places a value before the return pointer in the stack? A) Canary B) Parameterized query C) Random session token D) Format String Hint: The stack "blank" is a value that sits before the return pointer in the stack. When the program's execution hits the return instruction, before the return pointer is loaded into EIP, the value of the stack "blank" is checked. If it has been overwritten, then the program terminates because the CPU then knows that something dodgy was going on, since the value of the stack "blank" which shouldn't have changed has changed. The stack "blank" can usually be bypassed by finding out the value the "blank" is expected to be and overwriting it with the same value. Sometimes this is made harder by a stack "blank" that contains null byte values since many functions which read user input in C will stop reading more data as soon as they see a null byte. It doesn't ---------CORRECT ANSWER----------------- Canary
Which Linux command will allow a user to run a command with escalated privileges using their own password? A)sudo B)bash C)su D)which Hint: The "blank" program will allow a user to temporarily take on the privileges of the root account to run a command and then it will drop user privilege level back down to your normal account levels after the command runs. The way "blank" works is there is a configuration file called "sudoers" file, which basically a list of which accounts are allowed to do what with superuser privileges (and only root can edit it). When a user wants to run a command with privileges, they append "blank" before the command. They will then be prompted for their normal account password (not the root password), and then the command will run with super user privileges. ------- --CORRECT ANSWER-----------------sudo Which of the following is a form of one-way encryption? A) Hashing B)Symmetric C)Substitution D)Asymmetric Hint: "Blank" is a third form of encryption, but its uses are a bit more niche. The third form of encryption is called hashing: a form of one-way encryption. That means, once data is encrypted, the process can not be reversed to go from the encrypted data back to the plaintext. There are some properties of hashing that make it incredibly useful. The same plain text put through the same hashing algorithm will always produce the same encrypted data. However, if even one bit of the plaintext is changed, the resulting hash will be completely different. Similarly, with a
