GCFR by GIAC Actual Free Exam Questions And Answers

Question 1

What is a best practice recommendation when using API keys for AWS access?

A. Configure STS one-time tokens

B. Delete the account's default access keys

C. Define specific role permissions

D. Enable MFA protection

Discussion 0

Correct Answer: B Vote an answer

Question 2

Sensitive company data is found leaked on the internet, and the security team didn't get any alert and is unsure of how the breach occurred.
Which logs would be a preferable starting point for an investigation?

A. Resource Management

B. Application

C. Endpoint

D. Identity and Access Management

Discussion 0

Correct Answer: D Vote an answer

Question 3

Which of the following actions described below would populate the suggestions table on an Android phone?

A. The table contains previously saved or bookmarked destinations

B. Google Maps recommends locations, which are cached in the table

C. Google Maps tracks previously entered destinations by the user

Discussion 0

Correct Answer: C Vote an answer

Question 4

What logical AWS structure type is used to chain together accounts in a trust relationship which allows for single sign-on and cross-account management?

A. Organisation

B. OU

C. Tenant

D. Subscription

Discussion 0

Correct Answer: A Vote an answer

Question 5

A data exfiltration investigation of a GCP storage bucket is limited to the information logged by default in the Cost Table of Google's Cloud Billing. What information will investigators be able to gather?

A. Filenames of downloaded files

B. Usernames associated with file downloads

C. IP addresses associated with file downloads

D. Timeframes of file downloads

Discussion 0

Correct Answer: D Vote an answer

Question 6

A threat actor conducts brute force attacks against SSH services to gain Initial access. This attack technique falls under which category of the Google Workspace MITRE ATT&CK matrix?

A. Collection

B. Credential access

C. Discovery

D. Defense evasion

Discussion 0

Correct Answer: B Vote an answer

Question 7

A company using PaaS to host and develop their software application is experiencing a DOS attack. What challenge will a DFIR analyst experience when investigating this attack?

A. Network logs are unavailable for review

B. Network monitoring disabled by the company

C. Restricted access to their application logs

D. Resource scaling will affect access to logs

Discussion 0

Correct Answer: A Vote an answer

Question 8

Which statement describes how an organization could use IPv6 in a Google Cloud deployment?

A. IPv6 is enabled by default for traffic within VPCs

B. IPv6 b enabled by default for global traffic between VPCs

C. IPv6 needs to be terminated at an edge load balancer

D. IPv6 has to be configured for each compute node Individually

Discussion 0

Correct Answer: C Vote an answer

Question 9

An analyst successfully authenticated to Microsoft 365 using the following command. What would cause the analyst to be unable to search UAL events for a specific time period?
Ps> connect fxrhangeOnline userPrincipalName sysanalystatexanpteco.com

A. The ExchangeOnlineManagement module was not installed

B. The UAL cannot be searched when using Microsoft 365 PowerShell

C. The incorrect version of the FxhangeOnlineManagement module was installed

D. The tmdlets to search the UAl were not Imported into the session

Discussion 0

Correct Answer: D Vote an answer

GIAC Cloud Forensics Responder (GCFR) - GCFR Exam Practice Test

Contact Us

Useful Links

Latest Updated