Pre-Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

GIAC GCFR Dumps

Page: 1 / 8
Total 82 questions

GIAC Cloud Forensics Responder (GCFR) Questions and Answers

Question 1

An analyst investigating a malicious application determines that it runs using AVVS Lambda. What challenge will the analyst likely encounter during the Investigation?

Options:

A.

Application Is no longer active

B.

Hardware raps are misconfigured

C.

Large amounts of log data

D.

Server is poorly managed

Question 2

An investigator confirms that phishing emails sent to users in an organization ate not being sent to their Gmall Spam folder. What is a possible cause for this?

Options:

A.

The default setting for enhanced pre-delivery message scanning was changed

B.

The security sandbox default configuration setting was changed

C.

A third party application needs to be installed to detect phishing emails

D.

Compliance based rules need to be configured to detect phishing emails

Question 3

Below is an extract from a Server Access Log showing arecord for a request made to an AWS S3 bucket. What does the first field starting with "385f9e" represent?

as

Options:

A.

Bucket Owner

B.

Request ID

C.

Host ID

D.

Cipher Suite

Question 4

An engineer is looking for the log of API calls recorded by CloudTrail for the past 6 months. Where should they look for the oldest data?

Options:

A.

Lambda ephemeral storage

B.

S3 bucket

C.

requestParameters

Question 5

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

Options:

A.

After user credentials are accepted by the Authorization Server

B.

Once the OAuth token is accepted by the Application

C.

When the Resource Server receives the OAuth token

D.

Before user credentials are sent to the Authentication Server

Question 6

Which cloud service provider produces sampled flow logs?

Options:

A.

GCP

B.

Azure

C.

AWS

Question 7

At which level of an Azure cloud deployment are resource management logs generated?

Options:

A.

Management Group

B.

Resource Group

C.

Tenant

D.

Subscription

Question 8

A cloud administrator needs to determine which user account allowed SSH Inbound from the internet on an Azure Network security group. Which type of log does the administrator need to examine?

Options:

A.

Tenant

B.

Subscription

C.

Operating System

D.

Resource

Question 9

Which AWS Storage option is ideal for storing incident response related artifacts and logs?

Options:

A.

Elastic File Store

B.

ElastiCache

C.

Elastic Block Storage

D.

Simple Storage Service

Question 10

Which of the following is available with the free tier of service for CloudTrail?

Options:

A.

Single trail of management events delivered to Amazon

B.

Access to data-related API Cloud Trail events

C.

Access to CloudTrail Insights to detect anomalies

D.

Default trail maintained by AWS for more than 90 days

Question 11

What Pub/Sub component is used to forward GCP logs to their final location?

Options:

A.

Topic

B.

Log Sink

C.

Publication

D.

Subscription

Question 12

Using the SOF-ELK instance at 10.0.1.7:5601, inspect the netflow logs related to the ip 5.62.19.62.

Which of the ports seen in the netflow logs associated with the ip 5.62.19.62 has the lowest count?

Hint: Use a wide time frame such as 20 years to ensure all the relevant data is in the scope.

Options:

A.

2341

B.

389

C.

443

D.

49555

E.

80

F.

2222

G.

2374

Question 13

At what organizational level are EC2 services managed by customers?

Options:

A.

Data center

B.

Regional

C.

Global

D.

Continental

Question 14

as

Options:

A.

Permits remote creation of a Snapshot in a different region from the VM

B.

Allows use of classic acquisition tools directly on the Snapshot disk

C.

Allows direct access to the Snapshot VM disk

D.

Grants use of a one-time URL to download a Snapshot VHD

Question 15

What AWS service will allow an organization to set custom compliance metrics and force compliance on an organizational, sub-organizational, or individual account level?

Options:

A.

Config

B.

Cognllo

C.

Inspector

D.

Security Hub

Question 16

After registering the application in Azure AD, what is the next step to take in order to use Microsoft Graph API?

Options:

A.

Request access tokens from Azure An

B.

Call the Graph API

C.

Configure app permission

D.

Get Microsoft 365global admin approval

Question 17

An engineer is troubleshooting a complaint that a web server in AWS cannot receive incoming traffic, but the server can connect to the internet otherwise. What is needed to solve this problem?

Options:

A.

VPC Subnet

B.

NAT Gateway

C.

Network Security Group

D.

Internet Gateway

Question 18

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

Options:

A.

Ensure their system has .NFT version 4.b or later Installed

B.

Ensure that MFA has been disabled for The account used

C.

Check that they are using PowerShell Core

D.

Check the permissions of the account used in Microsoft 365

Question 19

Which statement describes a zld.metal EC2 instance?

Options:

A.

It Is an accelerated computing system with a GPU or I PGA

B.

The system can be configured to add resources at a trigger point

C.

It is a high-frequency system with very fast RAM access

D.

The system is optimized for a high CPU-to-memory ratio

Question 20

Which is a limitation when adding GPUs to Google cloud VMs?

Options:

A.

They can only be added at VM creation

B.

Preemptible VMs do not support GPU addition

C.

Google limits the GPUs assigned to a single VM

D.

They are only available in specific zones

Question 21

Which Azure blob storage option is typically used to store virtual hard drive (VHD) Ales?

Options:

A.

page

B.

Append

C.

File

D.

Block

Question 22

An analyst is reviewing a case involving an actor who leveraged PowerShell Cloud Shell to achieve their goals. Where can the analyst And logs depleting this activity?

Options:

A.

Network flow logs for the environment

B.

.wget hsts file

C.

Audit logs for the environment

D.

.bash_history file

Question 23

What method does Google use to alert Gmail account holders that they may be under attack by government sponsored attackers?

Options:

A.

Message upon successful logon

B.

SMS text message

C.

Email sent to the user

D.

Alert sent to recovery account

Question 24

What approach can be used to enable Mac instances on AWS?

Options:

A.

Emulating the M1 processor using ARM clusters

B.

Installing OS X exclusively on I (Burstable) instance

C.

Using physical Mac computers in the data center

D.

Virtualizing OS X on Unix servers

Page: 1 / 8
Total 82 questions