GAQM CFA-001 CFA Exam Practice Test Instant Access

Question 1

Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity.

ATrue

BFalse

Answer : A

Question 2

P0P3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server appends it to the bottom of the recipient's account file, which can be retrieved by the email client at any preferred time. Email client connects to the POP3 server at _______________by default to fetch emails.

APort 109

BPort 110

CPort 115

DPort 123

Answer : B

Question 3

What document does the screenshot represent?

AChain of custody form

BSearch warrant form

CEvidence collection form

DExpert witness form

Answer : A

Question 4

Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wireshark to capture the network traffic. Upon investigation, he found that the DNS packets travelling across the network belonged to a non-company configured IP. Which of the following attack Jason can infer from his findings?

ADNS Poisoning

BCookie Poisoning Attack

CDNS Redirection

DSession poisoning

Answer : A

Question 5

The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time, service and instance, server name and IP address, request type, target of operation, etc. Identify the service status code from the following IIS log.

192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2, SERVER, 172.15.10.30, 4210, 125, 3524, 100, 0, GET, /dollerlogo.gif,

AW3SVC2

B4210

C3524

D100

Answer : D

Question 6

Smith, as a part his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith found that the SIM was protected by a Personal identification Number (PIN) code but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What Jason can do in this scenario to reset the PIN and access SIM data?

AHe should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM

BHe cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN

CHe should again attempt PIN guesses after a time of 24 hours

DHe should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM

Answer : D

Question 7

During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible

ATrue

BFalse

Answer : A

GAQM Certified Forensic Analyst CFA-001 CFA Exam Practice Test