GIAC GCFA CERTIFICATION: SYLLABUS, QUESTIONS AND EXAM DETAILS
GIAC GCFA Exam
WWW.EDUSUM.COM

GCFA: GIAC Certified Forensic Analyst

Introduction to GCFA GIAC Certified Forensic Analyst Exam

The GIAC GCFA Exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the GCFA certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the GIAC Forensic Analyst will help guide you through the study process for your certification.

GCFA GIAC Forensic Analyst Exam Summary
● Exam Name: GIAC Forensic Analyst
● Exam Code: GCFA
● Exam Price: $949 (USD)
● Duration: 180 mins
● Number of Questions: 82
● Passing Score: 72%
● Books / Training: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
● Schedule Exam: Pearson VUE
● Sample Questions: GIAC GCFA Sample Questions
● Recommended Practice: GIAC GCFA Certification Practice Exam

Exam Syllabus: GCFA GIAC Certified Forensic Analyst

Topic: Enterprise Environment Incident Response
Details: The candidate will demonstrate an understanding of the steps of the incident response process, attack progression, and adversary fundamentals, and how to rapidly assess and analyze systems in an enterprise environment, scaling tools to meet the demands of large investigations.

Topic: File System Timeline Artifact Analysis
Details: The candidate will demonstrate an understanding of the Windows filesystem time structure and how these artifacts are modified by system and user activity.

Topic: Identification of Malicious System and User Activity
Details: The candidate will demonstrate an understanding of the techniques required to identify and document indicators of compromise on a system, detect malware and attacker tools, attribute activity to events and accounts, and identify and compensate for anti-forensic actions using memory and disk resident artifacts.

Topic: Identification of Normal System and User Activity
Details: The candidate will demonstrate an understanding of the techniques required to identify, document, and differentiate normal and abnormal system and user activity using memory and disk resident artifacts.

Topic: Introduction to File System Timeline Forensics
Details: The candidate will demonstrate an understanding of the methodology required to collect and process timeline data from a Windows system.

Topic: Introduction to Volatile Data Forensics
Details: The candidate will demonstrate an understanding of how and when to collect volatile data from a system and how to document and preserve the integrity of volatile evidence.

Topic: NTFS Artifact Analysis
Details: The candidate will demonstrate an understanding of the core structures of the Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer.

Topic: Volatile Data Artifact Analysis of Malicious Events
Details: The candidate will demonstrate an understanding of abnormal activity within the structure of Windows memory and be able to identify artifacts such as malicious processes, suspicious drivers, and malware techniques such as code injection and rootkits.

Topic: Volatile Data Artifact Analysis of Windows Events
Details: The candidate will demonstrate an understanding of abnormal activity within the structure of Windows memory and be able to identify artifacts such as malicious processes, suspicious drivers, and malware techniques such as code injection and rootkits.

Topic: Windows Artifact Analysis
Details: The candidate will demonstrate an understanding of Windows system artifacts and how to collect and analyze data such as system backup and restore data and evidence of application execution.

GIAC GCFA Certification Sample Questions and Answers

To make you familiar with the GIAC Forensic Analyst (GCFA) certification exam structure, we have prepared this sample question set. We suggest you try our Sample Questions for GCFA Certification to test your understanding of the GIAC GCFA process in the real GIAC certification exam environment.

GCFA GIAC Forensic Analyst Sample Questions:-

01. What are the purposes of audit records on an information system?
a) Backup
b) Investigation
c) Upgradation
d) Troubleshooting

02. Which of the following tools are used to determine the hop counts of an IP packet?
a) Netstat
b) TRACERT
c) IPCONFIG
d) Ping

03. Which of the following file systems supports the hot fixing feature?
a) FAT16
b) exFAT
c) FAT32
d) NTFS

04. Which of the following directories cannot be placed out of the root filesystem?
a) /sbin
b) /etc
c) /var
d) /lib

05. You want to perform passive footprinting against the we-are-secure Inc. Web server. Which of the following tools will you use?
a) Netcraft
b) Ettercap
c) Ethereal
d) Nmap

06. In a Windows computer, which of the following utilities is used to convert a FAT16 partition to FAT32?
a) CVT16.EXE
b) CVT1.EXE
c) CONVERT16.EXE
d) CONVERT.EXE

07. In which of the following files does the Linux operating system store passwords?
a) Password
b) Passwd
c) Shadow
d) SAM

08. Which of the following types of virus makes changes to the file system of a disk?
a) Master boot record virus
b) Stealth virus
c) Cluster virus
d) Macro virus

09. Which of the following are the benefits of information classification for an organization?
a) It ensures that modifications are not made to data by unauthorized personnel or processes.
b) It helps identify which information is the most sensitive or vital to an organization.
c) It helps reduce the Total Cost of Ownership (TCO).
d) It helps identify which protections apply to which information.

10. Which of the following statements about SD cards are true?
a) It is used with mobile phones and digital cameras.
b) It is a type of non-volatile memory card.
c) It is a 184-pin memory module.
d) It is used as RAM on client computers and servers.

Answers:-
Answer 01:- b, d
Answer 02:- b, d
Answer 03:- d
Answer 04:- a, b, d
Answer 05:- a
Answer 06:- b
Answer 07:- c
Answer 08:- c
Answer 09:- b, d
Answer 10:- a, b