Digital Forensics: Cloud Security Architecture and Cloud Forensics
Published:
Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 20 May 2026
About this mock
This FACT-aligned mock covers cloud security architecture and cloud forensics from an investigator's standpoint. It walks through the Shared Responsibility Model across IaaS, PaaS, and SaaS as published by AWS, Azure, and Google Cloud, the distinction between cloud control plane and data plane, Security Groups versus Network ACLs in a VPC, Web Application Firewalls at Layer 7, NIST SP 800-207 Zero Trust Architecture, Cloud Security Posture Management, and the design principles of the AWS Well-Architected Framework Security pillar.
The Identity and Access Management block covers the JSON shape of an IAM policy, instance roles backed by short-lived STS credentials, SAML 2.0 federation, and the iam:PassRole privilege escalation pattern.
The encryption block covers KMS customer-managed versus AWS-managed keys, envelope encryption with a DEK wrapped by a KEK, S3 server-side encryption SSE-KMS versus SSE-C, mutual TLS in a service mesh such as Istio or Linkerd, and Bring Your Own Key.
The cloud forensics block uses NIST IR 8006 as its reference, addresses why cloud forensics is harder than on-prem, lays out the host, network, application, and log scope layers, and walks through EBS snapshot acquisition, live memory acquisition from a cloud VM, and provider legal-hold preservation requests.
The logging and detection block covers CloudTrail management versus data versus Insights events, VPC Flow Log fields, GuardDuty alongside Microsoft Sentinel and Google Security Command Center, CloudTrail log file validation by SHA-256 digest, and S3 Object Lock for evidentiary preservation.
The legal block covers the US CLOUD Act 2018 and the India-US MLAT channel, alongside the Digital Personal Data Protection Act 2023 vocabulary of Data Principal, Data Fiduciary, and Data Processor.
This mock is built for MSc Forensic Science aspirants preparing for the NFSU FACT entrance examination, for digital forensics electives in BSc and MSc syllabi at Indian universities, and for working investigators preparing for industry credentials such as the SANS GCFA, EC-Council CHFI, ISC2 CCSP, and AWS Certified Security Specialty. It is also useful for UGC-NET Forensic Science Paper II candidates who have a cyber and cloud module in their syllabus.
Topics covered:
- Shared Responsibility Model across IaaS, PaaS, and SaaS
- Network controls: Security Groups, NACLs, WAF, zero-trust principles
- IAM policies, roles, federation, and privilege escalation patterns
- KMS, envelope encryption, S3 server-side encryption, key rotation
- NIST IR 8006 cloud forensic challenges and scope layers
- EBS snapshot acquisition and live VM memory capture
- CloudTrail, VPC Flow Logs, GuardDuty, log integrity controls
- CLOUD Act, MLAT routes, and India DPDP Act 2023 vocabulary
Practice across these clusters to build a coherent picture of cloud incidents from architecture to evidence to law. Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 18 questions
- Amazon Web Services. AWS Law Enforcement Information Requests and Information Disclosure Policy. Open source, cited in 3 questions.
- NIST Interagency Report 8006. NIST Cloud Computing Forensic Science Challenges (2020 draft). Open source, cited in 2 questions.
- cited in 1 question
- cited in 1 question
- cited in 1 question
- Cloud Native Computing Foundation. Istio and Linkerd service mesh documentation on mutual TLS. Open source, cited in 1 question.
- NIST Special Publication 800-207. Zero Trust Architecture (Rose, Borchert, Mitchell, Connelly, August 2020). Open source, cited in 1 question.
- cited in 1 question
- Public Law 115-141, Division V, Consolidated Appropriations Act, 2018. Clarifying Lawful Overseas Use of Data (CLOUD) Act, 2018. Open source, cited in 1 question.
- Ministry of Home Affairs, Government of India. Comprehensive Guidelines for Investigation Abroad and Issue of Letters Rogatory; India-US MLAT, 2001 (in force 2005). Open source.
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
How many questions and how long is the test?
30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Premium.
Who is this mock for?
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.