An organization has optimized their S3 buckets to quicken their data collection across a global infrastructure. Which reflects the bucket URL root?
An analyst successfully authenticated to Microsoft 365 using the following command. What would cause the analyst to be unable to search UAL events for a specific time period?
PS> Connect-ExchangeOnline -UserPrincipalName sysanalyst@exanpteco.com
What is the recommended storage type when creating an initial snapshot of a VM in Azure for forensic analysis?
What logical AWS structure type is used to chain together accounts in a trust relationship which allows for single sign-on and cross-account management?
Using the SOF-ELK instance at 10.0.1.7:5601, inspect the netflow logs related to the IP 5.62.19.62.
Which of the ports seen in the netflow logs associated with the IP 5.62.19.62 has the lowest count?
Hint: Use a wide time frame such as 20 years to ensure all the relevant data is in the scope.
A threat actor conducts brute force attacks against SSH services to gain initial access. This attack technique falls under which category of the Google Workspace MITRE ATT&CK matrix?
An engineer is looking for the log of API calls recorded by CloudTrail for the past 6 months. Where should they look for the oldest data?
At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?
An investigator has successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?
A company is creating an incident response team that will be part of their existing GCP Organization. Where in the organizational structure should their services be placed?
An analyst is reviewing a case involving an actor who leveraged PowerShell Cloud Shell to achieve their goals. Where can the analyst find logs depicting this activity?
Access Kibana via http://10.0.1.7:5601 and use the azure-* index pattern. Between March 31st, 2021 and April 3rd, 2021, how many virtual machines were created that use a Linux operating system?