1. Home
  2. GIAC
  3. Security Certification: GASF
  4. GASF
  5. GIAC Advanced Smartphone Forensics Questions and Answers

Pass the GIAC Security Certification: GASF GASF Questions and answers with CertsForce

 GIAC Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 3 pages
Viewing questions 1-10 out of questions
Questions # 1:

What is the MAIN difference between a Full Root and a Shell/Soft Root?

Options:
A.

Full root is permanent

B.

Full root Leaves traces behind on the device

C.

Soft root Allows system level access without a password

D.

Soft root Utilizes Shell root

Questions # 2:

Cellebrite’s Physical Analyzer will conduct a Quick Scan for images, which goes through and carves files that may have been deleted from the device. When carving for image files, which of the following methods is most effectively used to recover data?

Options:
A.

Update the signature database

B.

Carve based on file header

C.

Carve based on file metadata

D.

Carve based on memory ranges

Questions # 3:

Which iOS backup file will contain the last time the device was backed up?

Options:
A.

notes.sqlite

B.

manifest.mbdb

C.

status.plist

D.

info.plist

Questions # 4:

Which of the following chipsets is commonly found in knock-off handsets?

Options:
A.

Invidia Tegra

B.

MediaTek (MTK)

C.

A8

D.

Qualcomm Snapdragon

Questions # 5:

What information can you determine by reviewing the (bp2p) file from a BlackBerry OS10 handset?

Question # 5

Options:
A.

Cloud accounts

B.

Bluetooth pairings

C.

Paired computers

D.

Connected Wireless Access points

Questions # 6:

What is the essential piece of information is most often required in order to decrypt the contents of BlackBerry OS 10 handsets?

Options:
A.

BlackBerry Blend username/pin

B.

BlackBerry Balance username/password

C.

BlackBerry Link ID/password

D.

BBM pin

Questions # 7:

What is a risk to the security of an iPhone backup if the user selects to set a password and encrypt their

backup?

Options:
A.

The keychain is not captured with the backup and the password can be recovered from the Info.plist file

B.

The clear text password will be cached in the user’s keychain and can be recovered searching the user’s keychain

C.

The data is encrypted using a strong key but the password is saved to a file which is encoded using

Base64, which is easily reversible

D.

The backup file is encrypted and a copy of the keychain is saved in a local file which may be attacked using brute force tools

Questions # 8:

Based on the image below, which file system is being examined?

Question # 8

Options:
A.

Chinese knock-off

B.

Windows

C.

Android

D.

Blackberry

Questions # 9:

Review the information contained within the Viber application running on an Android device. Which of the

following can be determined?

Question # 9

Options:
A.

A message containing the string8901260572525158741was sent using the Viber application.

B.

The Viber account used to send/receive messages can be tied to the user in possession of the SIM cardwith an IMSI of 8901260572525158741

C.

The user account for Viber is 8901260572525158741

D.

The Viber account used to send/receive messages can be tied to the user in possession of the SIM cardwith an ICCID of 8901260572525158741

Questions # 10:

Which of the following files contains details regarding the encryption state of an iTunes backup file?

Options:
A.

Keychain-backup.plist

B.

Manifest.mbdb

C.

Manifest.plist

D.

Status.plist

Viewing page 1 out of 3 pages
Viewing questions 1-10 out of questions