GIAC Cloud Forensics Responder (GCFR) Questions and Answers
An analyst investigating a malicious application determines that it runs using AVVS Lambda. What challenge will the analyst likely encounter during the Investigation?
An investigator confirms that phishing emails sent to users in an organization ate not being sent to their Gmall Spam folder. What is a possible cause for this?
Below is an extract from a Server Access Log showing arecord for a request made to an AWS S3 bucket. What does the first field starting with "385f9e" represent?
An engineer is looking for the log of API calls recorded by CloudTrail for the past 6 months. Where should they look for the oldest data?
At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?
Which cloud service provider produces sampled flow logs?
At which level of an Azure cloud deployment are resource management logs generated?
A cloud administrator needs to determine which user account allowed SSH Inbound from the internet on an Azure Network security group. Which type of log does the administrator need to examine?
Which AWS Storage option is ideal for storing incident response related artifacts and logs?
Which of the following is available with the free tier of service for CloudTrail?
What Pub/Sub component is used to forward GCP logs to their final location?
Using the SOF-ELK instance at 10.0.1.7:5601, inspect the netflow logs related to the ip 5.62.19.62.
Which of the ports seen in the netflow logs associated with the ip 5.62.19.62 has the lowest count?
Hint: Use a wide time frame such as 20 years to ensure all the relevant data is in the scope.
At what organizational level are EC2 services managed by customers?
What AWS service will allow an organization to set custom compliance metrics and force compliance on an organizational, sub-organizational, or individual account level?
After registering the application in Azure AD, what is the next step to take in order to use Microsoft Graph API?
An engineer is troubleshooting a complaint that a web server in AWS cannot receive incoming traffic, but the server can connect to the internet otherwise. What is needed to solve this problem?
An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?
Which statement describes a zld.metal EC2 instance?
Which is a limitation when adding GPUs to Google cloud VMs?
Which Azure blob storage option is typically used to store virtual hard drive (VHD) Ales?
An analyst is reviewing a case involving an actor who leveraged PowerShell Cloud Shell to achieve their goals. Where can the analyst And logs depleting this activity?
What method does Google use to alert Gmail account holders that they may be under attack by government sponsored attackers?
What approach can be used to enable Mac instances on AWS?
