New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

GCFR GIAC Cloud Forensics Responder (GCFR) Questions and Answers

Questions 4

A threat actor conducts brute force attacks against SSH services to gain Initial access. This attack technique falls under which category of the Google Workspace MITRE ATT&CK matrix?

Options:

A.

Defense evasion

B.

Discovery

C.

Credential access

D.

Collection

Buy Now
Questions 5

Access Kibana via http://10.0.1.7:5601 and use the *ws-* index pattern. Use the time range 2021-03-0100:00 UTC to 2021 04 U 00:00 UTC. How many ec2 DescribMnstantp*; events were performed by the root user?

Options:

A.

374

B.

16

C.

6,695

D.

94

E.

0

F.

10

G.

2, 399

Buy Now
Questions 6

What Azure SaaS option executes workflows instead of code?

Options:

A.

App Service

B.

Batch

C.

Logic Apps

D.

Functions

Buy Now
Questions 7

In which scenario would an investigator collect NetFlow logs rather than PCAP logs?

Options:

A.

To save on storage space

B.

For detailed network monitoring

C.

For deep packet inspection

D.

To collect application layer data

Buy Now
Questions 8

Which is a limitation of AWS Lambdas?

Options:

A.

Functions must run in less than 15 minutes

B.

They can be quite costly to operate

C.

Managing systems can be time consuming

D.

They only support up to 256 MB of storage

Buy Now
Questions 9

Which Azure blob storage option is typically used to store virtual hard drive (VHD) Ales?

Options:

A.

page

B.

Append

C.

File

D.

Block

Buy Now
Questions 10

What method does Google use to alert Gmail account holders that they may be under attack by government sponsored attackers?

Options:

A.

Message upon successful logon

B.

SMS text message

C.

Email sent to the user

D.

Alert sent to recovery account

Buy Now
Questions 11

What Amazon EC2 instance prefix should be monitored to detect potential crypto mining?

Options:

A.

C

B.

P

C.

R

D.

I

Buy Now
Questions 12

Communication between the VPN client and Azure VNet1via VPN Tunnel #1 is using which of the following connections?

Options:

A.

Point-to-site VPN

B.

IPSec

Buy Now
Questions 13

Which AW5 1AM policy element indicates the API that is in scope?

Options:

A.

Effect

B.

Version

C.

Action

D.

Resource

Buy Now
Questions 14

Use Kibana to analyze the Azure AD sign-in logs in the azure-* index. On March 31st, 2021, what is the timestamp of the earliest failed login attempt for the accountdcr0ss5pymtechlabs.com?

ViewVM

Options:

A.

19:21:34

B.

18:11:07

C.

19:01:27

D.

01:04:24

E.

18:12:04

F.

19:02:06

G.

01:02:56

Buy Now
Questions 15

A company is creating an incident response team that will be part of their existing GCP Organization. Where in the organizational structure should their services be placed?

Options:

A.

With the Resources

B.

As part of d Project

C.

ln a dedicated Folder

D.

At the root Organization

Buy Now
Questions 16

What AWS service will allow an organization to set custom compliance metrics and force compliance on an organizational, sub-organizational, or individual account level?

Options:

A.

Config

B.

Cognllo

C.

Inspector

D.

Security Hub

Buy Now
Questions 17

An investigator is evaluating a client's Microsoft 365 deployment using the web portals and has identified that the Purview compliance portal states that the Unified Audit Logs are not enabled. Based on the additional Information gathered below, what is most likely the cause of this configuration message?

Subscription creation date: December 4, 2021 Number of administrators: 2 Number of non-administrative user accounts: 74 Last tenant administration change: December 4,2021

Options:

A.

Explicitly been disabled by an administrator

B.

License was downgraded lower than an E5 license

C.

Tenant is configured to forward logs externally

D.

Default configuration, service was never enabled

Buy Now
Questions 18

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

Options:

A.

After user credentials are accepted by the Authorization Server

B.

Once the OAuth token is accepted by the Application

C.

When the Resource Server receives the OAuth token

D.

Before user credentials are sent to the Authentication Server

Buy Now
Questions 19

The Azure URI for the Develop VM is shown below. What will change in the notation when referencing the VM's OS disk?

Options:

A.

Resource Type

B.

Provider

C.

Resource Group

D.

Subscription ID

Buy Now
Questions 20

What unique identifier is used by AWS to identify a specific account and allow integration with external organizations?

Options:

A.

Public Key

B.

Token

C.

ARN

D.

SID

Buy Now
Questions 21

What is the maximum file size for Azure Page Blob storage?

Options:

A.

10.25 TB

B.

10.25 TB

C.

8TB

D.

7TB

Buy Now
Questions 22

What logical AWS structure type is used to chain together accounts in a trust relationship which allows for single sign-on and cross-account management?

Options:

A.

Subscription

B.

Organisation

C.

OU

D.

Tenant

Buy Now
Questions 23

Which AWS Storage option is ideal for storing incident response related artifacts and logs?

Options:

A.

Elastic File Store

B.

ElastiCache

C.

Elastic Block Storage

D.

Simple Storage Service

Buy Now
Questions 24

AWS VPC Flow logs are enabled. What do these logs capture?

Options:

A.

TCP Checksums

B.

Packet Metadata

C.

TLS Handshakes

D.

Payload Bytes

Buy Now
Exam Code: GCFR
Exam Name: GIAC Cloud Forensics Responder (GCFR)
Last Update: Dec 27, 2024
Questions: 82
GCFR pdf

GCFR PDF

$25.5  $84.99
GCFR Engine

GCFR Testing Engine

$30  $99.99
GCFR PDF + Engine

GCFR PDF + Testing Engine

$40.5  $134.99