New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > GIAC > Cyber Security > GCFR

GCFR GIAC Cloud Forensics Responder (GCFR) Question and Answers

Question # 4

An organization has optimized their S3 buckets to quickan their data collection across a global infrastructure. Which reflects the bucket URL root?

A.

bucketname.s3-accelerate.amazonaws.com

B.

bucketname.s3.us-west-2.mazonaws.com

C.

s3.us-west-2,amazonaws.com/bucketname

D.

bucketname buttcetname.amazonaws.com

Full Access
Question # 5

What is the maximum file size for Azure Page Blob storage?

A.

10.25 TB

B.

10.25 TB

C.

8TB

D.

7TB

Full Access
Question # 6

An analyst successfully authenticated to Microsoft 365 using the following command. What would cause the analyst to be unable to search UAL events for a specific time period?

Ps> connect fxrhangeOnline userPrincipalName sysanalystatexanpteco.com

A.

The tmdlets to search the UAl were not Imported into the session

B.

The UAL cannot be searched when using Microsoft 365 PowerShell

C.

The incorrect version of the FxhangeOnlineManagement module was installed

D.

The ExchangeOnlineManagement module was not installed

Full Access
Question # 7

What is the recommended storage type when creating an initial snapshot of a VM in Azure for forensic analysis?

A.

Standard SSD

B.

Ultra Disk

C.

Premium SSD

D.

Standard HDD

Full Access
Question # 8

Where are iOS Class keys stored?

A.

In iCloud

B.

Within the metadata of each file

C.

Between the flash memory and the system area on the device

D.

In effacable storage

Full Access
Question # 9

What logical AWS structure type is used to chain together accounts in a trust relationship which allows for single sign-on and cross-account management?

A.

Subscription

B.

Organisation

C.

OU

D.

Tenant

Full Access
Question # 10

What can bedetermine about the AVVS Access Key below?

AKIAVNKBKCM4I3VNZIS3

A.

The key belongs to a user account

B.

The key will only work internally

C.

It is a service STS token

D.

It is only in use for a single session

Full Access
Question # 11

Using the SOF-ELK instance at 10.0.1.7:5601, inspect the netflow logs related to the ip 5.62.19.62.

Which of the ports seen in the netflow logs associated with the ip 5.62.19.62 has the lowest count?

Hint: Use a wide time frame such as 20 years to ensure all the relevant data is in the scope.

A.

2341

B.

389

C.

443

D.

49555

E.

80

F.

2222

G.

2374

Full Access
Question # 12

In Azure, which of the following describes a "Contributor"?

A.

A collection of permissions such as read, write, and delete

B.

A designation on a PKI certificate

C.

A specification of who can access a resource group

D.

An object representing an entity

Full Access
Question # 13

A threat actor conducts brute force attacks against SSH services to gain Initial access. This attack technique falls under which category of the Google Workspace MITRE ATT&CK matrix?

A.

Defense evasion

B.

Discovery

C.

Credential access

D.

Collection

Full Access
Question # 14

An engineer is looking for the log of API calls recorded by CloudTrail for the past 6 months. Where should they look for the oldest data?

A.

Lambda ephemeral storage

B.

S3 bucket

C.

requestParameters

Full Access
Question # 15

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

A.

After user credentials are accepted by the Authorization Server

B.

Once the OAuth token is accepted by the Application

C.

When the Resource Server receives the OAuth token

D.

Before user credentials are sent to the Authentication Server

Full Access
Question # 16

At what organizational level are EC2 services managed by customers?

A.

Data center

B.

Regional

C.

Global

D.

Continental

Full Access
Question # 17

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

A.

Ensure their system has .NFT version 4.b or later Installed

B.

Ensure that MFA has been disabled for The account used

C.

Check that they are using PowerShell Core

D.

Check the permissions of the account used in Microsoft 365

Full Access
Question # 18

A.

Permits remote creation of a Snapshot in a different region from the VM

B.

Allows use of classic acquisition tools directly on the Snapshot disk

C.

Allows direct access to the Snapshot VM disk

D.

Grants use of a one-time URL to download a Snapshot VHD

Full Access
Question # 19

A company is creating an incident response team that will be part of their existing GCP Organization. Where in the organizational structure should their services be placed?

A.

With the Resources

B.

As part of d Project

C.

ln a dedicated Folder

D.

At the root Organization

Full Access
Question # 20

Which AW5 1AM policy element indicates the API that is in scope?

A.

Effect

B.

Version

C.

Action

D.

Resource

Full Access
Question # 21

An analyst is reviewing a case involving an actor who leveraged PowerShell Cloud Shell to achieve their goals. Where can the analyst And logs depleting this activity?

A.

Network flow logs for the environment

B.

.wget hsts file

C.

Audit logs for the environment

D.

.bash_history file

Full Access
Question # 22

Which is a limitation when adding GPUs to Google cloud VMs?

A.

They can only be added at VM creation

B.

Preemptible VMs do not support GPU addition

C.

Google limits the GPUs assigned to a single VM

D.

They are only available in specific zones

Full Access
Question # 23

Access Kibana via http://10.0.1.7:5601 and use the azure-* index pattern. Between March 31st, 2021 and April 3rd, 2021, how many virtual machines were created that use a Linux operating system?

A.

4

B.

6

C.

5

D.

2

E.

3

F.

8

G.

7

Full Access