GCFR GIAC Cloud Forensics Responder (GCFR) Questions and Answers

An organization has optimized their S3 buckets to quickan their data collection across a global infrastructure. Which reflects the bucket URL root?

What is a best practice recommendation when using API keys for AWS access?

What type of AWS log is the following snippet an example of?

What is shown in the screenshot?

Which of the following is available with the free tier of service for CloudTrail?

A system administration team has deployed several laaS platform servers and intend to host a custom application in the cloud. Which of the following is the responsibility of the system administration team with this architecture?

An engineer has set up log forwarding for a new data source and wants to use that data to run reports and create dashboards in Kibana. What needs to be created in order to properly handle these logs?

An investigator is evaluating a client's Microsoft 365 deployment using the web portals and has identified that the Purview compliance portal states that the Unified Audit Logs are not enabled. Based on the additional Information gathered below, what is most likely the cause of this configuration message?

Subscription creation date: December 4, 2021 Number of administrators: 2 Number of non-administrative user accounts: 74 Last tenant administration change: December 4,2021

Which AWS policy type specifies the maximum resource permissions for in organization or organizational unit (OU)?

In which scenario would an investigator collect NetFlow logs rather than PCAP logs?

An attacker successfully downloaded sensitive data from a misconfigured GCP bucket. Appropriate logging was not enabled. Where can an analyst find the rough time and quantity of the data downloaded?

Which AWS Storage option is ideal for storing incident response related artifacts and logs?

An engineer is troubleshooting a complaint that a web server in AWS cannot receive incoming traffic, but the server can connect to the internet otherwise. What is needed to solve this problem?

Use Kibana to analyze the Azure AD sign-in logs in the azure-* index. On March 31st, 2021, what is the timestamp of the earliest failed login attempt for the accountdcr0ss5pymtechlabs.com?

ViewVM

Which performance feature of an Amazon EC2 instance is configured to add additional resources based on set trigger points?

What Amazon EC2 instance prefix should be monitored to detect potential crypto mining?

Below is an extract from a Server Access Log showing arecord for a request made to an AWS S3 bucket. What does the first field starting with "385f9e" represent?

What is the recommended storage type when creating an initial snapshot of a VM in Azure for forensic analysis?

Which is a limitation when adding GPUs to Google cloud VMs?

What is the example AWS data below an example of?

The Azure URI for the Develop VM is shown below. What will change in the notation when referencing the VM's OS disk?