GIAC CLOUD THREAT DETECTION (GCTD) PRACTICE EXAM LATEST QUESTIONS AND
CORRECT ANSWERS
=================================================
Total Questions: 100
Question Types: Multiple Choice (A-D)
Format: Question + Answer Key + Explanation
--------------------------------------------------
QUESTION 1
Which AWS service provides continuous security monitoring and threat detection using
machine learning?
A) AWS Security Hub
B) Amazon GuardDuty
C) AWS Config
D) Amazon Inspector
ANSWER: B) Amazon GuardDuty
EXPLANATION: GuardDuty is a threat detection service that continuously monitors for
malicious activity and unauthorized behavior using machine learning and threat
intelligence.
--------------------------------------------------
QUESTION 2
What is the primary purpose of Azure Sentinel?
A) Network perimeter security
B) Cloud-native SIEM and SOAR
C) Virtual machine encryption
D) Database backup management
ANSWER: B) Cloud-native SIEM and SOAR
EXPLANATION: Azure Sentinel is a scalable, cloud-native SIEM (Security Information and
Event Management) and SOAR (Security Orchestration, Automation, and Response)
solution.
--------------------------------------------------
QUESTION 3
In Google Cloud, which service provides security analytics and threat detection across
cloud resources?
A) Cloud Monitoring
B) Cloud Security Command Center
C) Cloud Logging
D) Cloud Armor
ANSWER: B) Cloud Security Command Center
EXPLANATION: Security Command Center is a security and risk management
platform that helps with security health analytics, vulnerability scanning, and threat
detection.
--------------------------------------------------
QUESTION 4
What does "credential harvesting" typically involve in cloud attacks?
A) Using brute force against API endpoints
B) Phishing for cloud access keys
C) Exploiting misconfigured IAM roles
D) Sniffing network traffic for tokens
ANSWER: B) Phishing for cloud access keys
EXPLANATION: Credential harvesting often involves phishing campaigns targeting cloud
credentials or exploiting credential leaks from public repositories.
--------------------------------------------------
QUESTION 5
Which AWS service helps identify resources shared with external entities?
A) AWS IAM Access Analyzer
B) AWS Resource Access Manager
C) AWS Organizations
D) AWS Control Tower
ANSWER: A) AWS IAM Access Analyzer
EXPLANATION: IAM Access Analyzer helps identify resources in your organization that are
shared with an external entity using comprehensive logic.
--------------------------------------------------
QUESTION 6
What is the primary risk of publicly exposed S3 buckets?
A) Increased storage costs
B) Data exfiltration and unauthorized access
C) DDoS amplification attacks
D) Malware distribution platform
ANSWER: B) Data exfiltration and unauthorized access
EXPLANATION: Publicly exposed S3 buckets can lead to sensitive data exposure, data
theft, and compliance violations.
--------------------------------------------------
QUESTION 7
Which Azure service provides just-in-time (JIT) VM access?
A) Azure Security Center
B) Azure Policy
C) Azure Blueprints
D) Azure Bastion
ANSWER: A) Azure Security Center
EXPLANATION: Azure Security Center (now Microsoft Defender for Cloud) provides
just-in-time VM access that reduces exposure to attacks by enabling request-based
access to management ports.
--------------------------------------------------
QUESTION 8
What type of attack involves querying cloud instance metadata services?
A) SSRF attacks
B) SQL injection
C) Cross-site scripting
D) Directory traversal
ANSWER: A) SSRF attacks
EXPLANATION: Server-Side Request Forgery (SSRF) attacks often target cloud instance
metadata services to obtain temporary credentials.