Trustworthy GCFR Dumps (V9.03) – Best GIAC Cloud Forensics Responder (GCFR) Exam Questions for Learning

1. Below is an extract from a Server Access Log showing a record for a request made to an AWS S3 bucket.

What does the first field starting with "385f9e" represent?

2. Which is the effective access when aws user is assigned to an S3 bucket?

3. What logical AWS structure type is used to chain together accounts in a trust relationship which allows for single sign-on and cross-account management?

4. An Azure blob is accessed using the link below.

What is the name of the blob container?

5. In Azure, which of the following describes a "Contributor"?

6. What Pub/Sub component is used to forward GCP logs to their final location?

7. Which of the following is the smallest unit of computing hardware in Kubernetes?

8. What is a best practice recommendation when using API keys for AWS access?

9. What would prevent GCP 1AM from linking to Google Workspace to manage users and groups?

10. What type of AWS log is the following snippet an example of?

11. An investigator confirms that phishing emails sent to users in an organization ate not being sent to their Gmall Spam folder.

What is a possible cause for this?

12. How is storage account, cs21003200042c87633, created in an Azure resource group?

13. An engineer has set up log forwarding for a new data source and wants to use that data to run reports and create dashboards in Kibana.

What needs to be created in order to properly handle these logs?

14. At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

15. Which cloud service provider produces sampled flow logs?

16. What method does Google use to alert Gmail account holders that they may be under attack by government sponsored attackers?

17. Which AW5 1AM policy element indicates the API that is in scope?

18. Sensitive company data is found leaked on the internet, and the security team didn't get any alert and is unsure of how the breach occurred.

Which logs would be a preferable starting point for an investigation?

19. An investigator is evaluating a client's Microsoft 365 deployment using the web portals and has identified that the Purview compliance portal states that the Unified Audit Logs are not enabled.

Based on the additional Information gathered below, what is most likely the cause of this configuration message?

Subscription creation date: December 4, 2021 Number of administrators: 2 Number of non-administrative user accounts: 74 Last tenant administration change: December 4,2021

20. At what organizational level are EC2 services managed by customers?

21. An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet.

How should the investigator troubleshoot this issue?

22. The attack technique "Access Kubelet API" falls under which Mitre ATT&CK tactic?

23. An analyst successfully authenticated to Microsoft 365 using the following command.

What would cause the analyst to be unable to search UAL events for a specific time period?

Ps> connect fxrhangeOnline userPrincipalName sysanalystatexanpteco.com

24. Which statement describes how an organization could use IPv6 in a Google Cloud deployment?

25. A company using PaaS to host and develop their software application is experiencing a DOS attack.

What challenge will a DFIR analyst experience when investigating this attack?

26. Which is a limitation when adding GPUs to Google cloud VMs?

27. What can be inferred about the ARN below?

arn:aws:!am::457787814323:user/giac

28. What 1$ a drawback of analyzing a snapshot outside of AWS?

29. Which of the following is available with the free tier of service for CloudTrail?

30. Which EBS volume type would be appropriate to support a business critical SQL server hosted In AWS?