GCFR GIAC Cloud Forensics Responder (GCFR) Questions and Answers

Which of the following is the smallest unit of computing hardware in Kubernetes?

Sensitive company data is found leaked on the internet, and the security team didn't

get any alert and is unsure of how the breach occurred.

Which logs would be a preferable starting point for an investigation?

Which AW5 1AM policy element indicates the API that is in scope?

An Azure blob is accessed using the link below. What is the name of the blob container?

A company using PaaS to host and develop their software application is experiencing a DOS attack. What challenge will a DFIR analyst experience when investigating this attack?

What 1$ a drawback of analyzing a snapshot outside of AWS?

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

AWS VPC Flow logs are enabled. What do these logs capture?

The attack technique "Access Kubelet API" falls under which Mitre ATT&CK tactic?

What can bedetermine about the AVVS Access Key below?

AKIAVNKBKCM4I3VNZIS3

A client was responsible for their environment's OS, then they delegated this responsibility to their cloud provider. Which of the following migrations could describe this scenario?

What is the example AWS data below an example of?

The Azure URI for the Develop VM is shown below. What will change in the notation when referencing the VM's OS disk?

Access Kibana via http://10.0.1.7:5601 and use the *ws-* index pattern. Use the time range 2021-03-0100:00 UTC to 2021 04 U 00:00 UTC. How many ec2 DescribMnstantp*; events were performed by the root user?

What would prevent GCP 1AM from linking to Google Workspace tomanageusers and groups?

Which Azure binary large object type is usually used to store virtual hard drive files?

An analyst is reviewing a case involving an actor who leveraged PowerShell Cloud Shell to achieve their goals. Where can the analyst And logs depleting this activity?

At which level of an Azure cloud deployment are resource management logs generated?

What information do AWS VPC flow logs collect?

In which scenario would an investigator collect NetFlow logs rather than PCAP logs?

An engineer is troubleshooting a complaint that a web server in AWS cannot receive incoming traffic, but the server can connect to the internet otherwise. What is needed to solve this problem?