GIAC iOS and macOS Examiner Sample Questions:
1. Which log file provides details on Safari browser usage on macOS?
A) /Users/[username]/Library/Safari/History.db
B) /var/log/safari.log
C) /private/var/log/httpd
D) /Library/Logs/SafariHistory.log
2. What type of data can be found in volatile memory on macOS devices?
A) Web browser bookmarks
B) User contacts
C) System logs
D) Application passwords and encryption keys
3. Which of the following best describes the purpose of analyzing document versions in iCloud?
A) To detect unauthorized access
B) To improve download speeds
C) To optimize storage
D) To track changes and revisions
4. During an investigation of an iPhone, you need to gather evidence of a suspect's recent locations. The Maps application shows several recent trips, but you are unsure of their exact destinations.
Which steps will you take to analyze the Maps application data to confirm the locations? (Select three correct answers)
A) Review call logs for related phone numbers
B) Analyze web browsing history for location-based searches
C) Extract GPS coordinates from the Maps application history
D) Use timestamp data to correlate trips with other device activities
E) Compare GPS data with the suspect's physical movements via Wi-Fi connection logs
5. What type of event artifacts are generated by Spotlight on macOS? (Select two)
A) Recent search queries
B) Deleted file recovery logs
C) Bluetooth device connection logs
D) Metadata of recently accessed files
Solutions:
| Question # 1 Answer: A | Question # 2 Answer: D | Question # 3 Answer: D | Question # 4 Answer: C,D,E | Question # 5 Answer: A,D |
We're so confident of our products that we provide no hassle product exchange.


By Ternence

