GIAC CLOUD THREAT DETECTION (GCTD) PRACTICE EXAM LATEST QUESTIONS AND
CORRECT ANSWERS GRADE A
=================================================
Total Questions: 100
Question Types: Multiple Choice (A-D)
Format: Question + Answer Key + Explanation
--------------------------------------------------
QUESTION 1
What is the primary purpose of AWS CloudTrail?
A) Monitor network traffic
B) Log API activity across AWS services
C) Detect malware in EC2 instances
D) Manage IAM policies
ANSWER: B) Log API activity across AWS services
EXPLANATION: AWS CloudTrail is a service that enables governance, compliance,
operational auditing, and risk auditing of your AWS account through logging API calls and
account activity.
--------------------------------------------------
QUESTION 2
Which Azure service provides centralized security policy management and threat detection
across hybrid cloud workloads?
A) Azure Security Center
B) Azure Sentinel
C) Azure Monitor
D) Azure Policy
ANSWER: A) Azure Security Center
EXPLANATION: Azure Security Center provides unified security management and advanced
threat protection across hybrid cloud workloads, including security policy management
and threat detection capabilities.
--------------------------------------------------
QUESTION 3
What type of attack involves an adversary attempting to enumerate valid IAM users in a
cloud environment?
A) Credential stuffing
B) IAM user enumeration
C) Role assumption attack
D) Token hijacking
ANSWER: B) IAM user enumeration
EXPLANATION: IAM user enumeration is a reconnaissance technique where attackers
attempt to discover valid IAM user names through error messages or API responses.
--------------------------------------------------
QUESTION 4
In GCP, which service provides security and compliance health checks and threat
detection?
A) Cloud Security Command Center
B) Cloud Monitoring
C) Cloud Logging
D) Cloud Armor
ANSWER: A) Cloud Security Command Center
EXPLANATION: Google Cloud Security Command Center is a security and risk
management platform that helps with security health analytics, vulnerability scanning, and
threat detection.
--------------------------------------------------
QUESTION 5
What is the primary risk associated with public S3 buckets?
A) Increased storage costs
B) Data exfiltration
C) DDoS attacks
D) Malware injection
ANSWER: B) Data exfiltration
EXPLANATION: Public S3 buckets can lead to data exfiltration if sensitive data is stored
without proper access controls, potentially exposing confidential information.
--------------------------------------------------
QUESTION 6
Which AWS service can detect unusual API activity that might indicate a compromised
account?
A) AWS GuardDuty
B) AWS Config
C) AWS Inspector
D) AWS Shield
ANSWER: A) AWS GuardDuty
EXPLANATION: AWS GuardDuty is a threat detection service that continuously monitors for
malicious activity and unauthorized behavior using machine learning and threat
intelligence.
--------------------------------------------------
QUESTION 7
What is "shadow IT" in a cloud security context?
A) Unauthorized cloud services usage
B) Dark web monitoring
C) Backup infrastructure
D) Penetration testing
ANSWER: A) Unauthorized cloud services usage
EXPLANATION: Shadow IT refers to IT systems and solutions built and used inside
organizations without explicit organizational approval, often using cloud services without
security oversight.
--------------------------------------------------
QUESTION 8
Which Azure service is a SIEM solution for cloud environments?
A) Azure Sentinel
B) Azure Defender
C) Azure Log Analytics
D) Azure Event Hubs