giac gcfr practice test

An investigator confirms that phishing emails sent to users in an organization ate not being sent to
their Gmall Spam folder. What is a possible cause for this?

• A. The default setting for enhanced pre-delivery message scanning was changed
• B. The security sandbox default configuration setting was changed
• C. A third party application needs to be installed to detect phishing emails
• D. Compliance based rules need to be configured to detect phishing emails

How is storage account, cs21003200042c87633, created in an Azure resource group?

• A. PowerShell Cloud Shell audit logging was enabled
• B. A Bash Cloud Shell was used
• C. PowerShelI Cloud Shell was used
• D. Azure CLI was used from a Windows machine

An engineer has set up log forwarding for a new data source and wants to use that data to run
reports and create dashboards in Kiban
a. What needs to be created in order to properly handle these logs?

• A. Row
• B. Parser
• C. ingest script
• D. Beat

At what point of the OAuth delegation process does the Resource Owner approve the scope of access
to be allowed?

• A. After user credentials are accepted by the Authorization Server
• B. Once the OAuth token is accepted by the Application
• C. When the Resource Server receives the OAuth token
• D. Before user credentials are sent to the Authentication Server

Which cloud service provider produces sampled flow logs?

• A. GCP
• B. Azure
• C. AWS

What method does Google use to alert Gmail account holders that they may be under attack by
government sponsored attackers?

• A. Message upon successful logon
• B. SMS text message
• C. Email sent to the user
• D. Alert sent to recovery account

Which AW5 1AM policy element indicates the API that is in scope?

• A. Effect
• B. Version
• C. Action
• D. Resource

Sensitive company data is found leaked on the internet, and the security team didn't
get any alert and is unsure of how the breach occurred.
Which logs would be a preferable starting point for an investigation?

• A. Identity and Access Management
• B. Application
• C. Resource Management
• D. Endpoint

An investigator is evaluating a client's Microsoft 365 deployment using the web portals and has
identified that the Purview compliance portal states that the Unified Audit Logs are not enabled.
Based on the additional Information gathered below, what is most likely the cause of this
configuration message?
Subscription creation date: December 4, 2021 Number of administrators: 2 Number of non-
administrative user accounts: 74 Last tenant administration change: December 4,2021

• A. Explicitly been disabled by an administrator
• B. License was downgraded lower than an E5 license
• C. Tenant is configured to forward logs externally
• D. Default configuration, service was never enabled

At what organizational level are EC2 services managed by customers?

• A. Data center
• B. Regional
• C. Global
• D. Continental