Digital Forensics: Cloud Security Architecture and Cloud Forensics
Published:
Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 20 May 2026
Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
Score, per-question explanations and topic breakdown shown right after you submit.
This FACT-aligned mock covers cloud security architecture and cloud forensics from an investigator's standpoint.
The architecture block walks through the Shared Responsibility Model across IaaS, PaaS, and SaaS as published by AWS, Azure, and Google Cloud, the distinction between cloud control plane and data plane, Security Groups versus Network ACLs in a VPC, Web Application Firewalls at Layer 7, NIST SP 800-207 Zero Trust Architecture, Cloud Security Posture Management, and the design principles of the AWS Well-Architected Framework Security pillar.
The Identity and Access Management block covers the JSON shape of an IAM policy, instance roles backed by short-lived STS credentials, SAML 2.0 federation, and the iam:PassRole privilege escalation pattern.
The encryption block covers KMS customer-managed versus AWS-managed keys, envelope encryption with a DEK wrapped by a KEK, S3 server-side encryption SSE-KMS versus SSE-C, mutual TLS in a service mesh such as Istio or Linkerd, and Bring Your Own Key.
The cloud forensics block uses NIST IR 8006 as its reference, addresses why cloud forensics is harder than on-prem, lays out the host, network, application, and log scope layers, and walks through EBS snapshot acquisition, live memory acquisition from a cloud VM, and provider legal-hold preservation requests.
The logging and detection block covers CloudTrail management versus data versus Insights events, VPC Flow Log fields, GuardDuty alongside Microsoft Sentinel and Google Security Command Center, CloudTrail log file validation by SHA-256 digest, and S3 Object Lock for evidentiary preservation.
The legal block covers the US CLOUD Act 2018 and the India-US MLAT channel, alongside the Digital Personal Data Protection Act 2023 vocabulary of Data Principal, Data Fiduciary, and Data Processor.
This mock is built for MSc Forensic Science aspirants preparing for the NFSU FACT entrance examination, for digital forensics electives in BSc and MSc syllabi at Indian universities, and for working investigators preparing for industry credentials such as the SANS GCFA, EC-Council CHFI, ISC2 CCSP, and AWS Certified Security Specialty. It is also useful for UGC-NET Forensic Science Paper II candidates who have a cyber and cloud module in their syllabus.
Topics covered:
Practice across these clusters to build a coherent picture of cloud incidents from architecture to evidence to law. Allow 30 minutes.
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.