GCFR GIAC Cloud Forensics Responder (GCFR) Questions and Answers

What Pub/Sub component is used to forward GCP logs to their final location?

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

A company using PaaS to host and develop their software application is experiencing a DOS attack. What challenge will a DFIR analyst experience when investigating this attack?

Which performance feature of an Amazon EC2 instance is configured to add additional resources based on set trigger points?

An attacker successfully downloaded sensitive data from a misconfigured GCP bucket. Appropriate logging was not enabled. Where can an analyst find the rough time and quantity of the data downloaded?

What is the recommended storage type when creating an initial snapshot of a VM in Azure for forensic analysis?

Which AW5 1AM policy element indicates the API that is in scope?

Which is the effective access when aws user is assigned to an S3 bucket?

Which is a limitation of AWS Lambdas?

Microsoft.Key Vault is an example of which component of Azure's structure?

A threat actor conducts brute force attacks against SSH services to gain Initial access. This attack technique falls under which category of the Google Workspace MITRE ATT&CK matrix?

Use Kibana to analyze the Azure AD sign-in logs in the azure-* index. On March 31st, 2021, what is the timestamp of the earliest failed login attempt for the accountdcr0ss5pymtechlabs.com?

ViewVM

An analyst successfully authenticated to Microsoft 365 using the following command. What would cause the analyst to be unable to search UAL events for a specific time period?

Ps> connect fxrhangeOnline userPrincipalName sysanalystatexanpteco.com

In which scenario would an investigator collect NetFlow logs rather than PCAP logs?

What Amazon EC2 instance prefix should be monitored to detect potential crypto mining?

An engineer is looking for the log of API calls recorded by CloudTrail for the past 6 months. Where should they look for the oldest data?

A company is creating an incident response team that will be part of their existing GCP Organization. Where in the organizational structure should their services be placed?

An engineer is troubleshooting a complaint that a web server in AWS cannot receive incoming traffic, but the server can connect to the internet otherwise. What is needed to solve this problem?

A client was responsible for their environment's OS, then they delegated this responsibility to their cloud provider. Which of the following migrations could describe this scenario?