GCFR Leak Questions

GIAC Cloud Forensics Responder (GCFR) Questions and Answers

Question 5

An analyst successfully authenticated to Microsoft 365 using the following command. What would cause the analyst to be unable to search UAL events for a specific time period?

Ps> connect fxrhangeOnline userPrincipalName sysanalystatexanpteco.com

Options:

The tmdlets to search the UAl were not Imported into the session

The UAL cannot be searched when using Microsoft 365 PowerShell

The incorrect version of the FxhangeOnlineManagement module was installed

The ExchangeOnlineManagement module was not installed

Question 6

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

Options:

Ensure their system has .NFT version 4.b or later Installed

Ensure that MFA has been disabled for The account used

Check that they are using PowerShell Core

Check the permissions of the account used in Microsoft 365

Question 7

Which AWS authentication method provides temporary, limited privilege credentials for 1AM users or federated users?

Options:

lAMRole

API Key

SAML Token

Question 8

The attack technique "Access Kubelet API" falls under which Mitre ATT&CK tactic?

Options:

Execution

Credential Access

Discovery

Initial Access

Halloween Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

GIAC Cloud Forensics Responder (GCFR) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer: