Digital Forensics: Cloud Security and Cloud Forensics Advanced
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
20 May 2026
About this mock
Advanced FACT-style drill on cloud security and cloud forensics, calibrated to the hardest band of the syllabus. Thirty single-best-answer items on IAM evaluation precedence with explicit Deny, AWS condition keys including aws:PrincipalArn, aws:SourceArn, aws:SourceAccount, kms:ViaService and kms:GrantOperations, the iam:PassRole + iam:CreatePolicyVersion + iam:SetDefaultPolicyVersion privilege escalation chain, sts:AssumeRole session principal ARN parsing, CloudTrail ConsoleLogin mfaUsed and eventCategory filters, VPC Flow Log version 5 pkt-srcaddr and tcp-flags bitmask reading, KMS GenerateDataKey family selection and KeyUsage SIGN_VERIFY vs ENCRYPT_DECRYPT, S3 server-side encryption header values including aws:kms:dsse for DSSE-KMS, S3 Object Lock GOVERNANCE vs COMPLIANCE retention, Azure RBAC scope inheritance and Diagnostic Settings AuditEvent, GCP Audit Logs Admin Activity vs Data Access defaults, EKS IRSA AssumeRoleWithWebIdentity flow, Kubernetes audit policy stages RequestReceived to ResponseComplete, NIST SP 800-61 Rev 2 IR phases, CLOUD Act 2018 Section 103 extra-territorial reach, India-US MLAT routing with DPDP Act 2023 Section 16, IT Rules 2021 Rule 4(2) SSMI traceability, SAML 2.0 Subject vs OIDC sub claim and SAML AuthnContextClassRef vs OIDC acr, mTLS at NLB passthrough vs ALB vs API Gateway, CloudTrail log file validation digest schema, and BYOK vs HYOK vs AWS KMS External Key Store.
Built for FACT aspirants, NFSU MSc Digital Forensics candidates, GCFA cloud-evidence pathways, SANS FOR509 prep, and AWS Certified Security Specialty candidates who want the hard-band differentiation between near-twin AWS, Azure, and GCP concepts. Every option set differs from the correct answer on a single parameter, so partial recall of the topic will not be enough to score well.
Topics covered:
- IAM policy evaluation: explicit Deny, cross-account two-way grant, condition keys
- Privilege escalation chains via iam:PassRole and IAM policy versioning
- CloudTrail event reading: AssumeRole session principal, ConsoleLogin, eventCategory
- VPC Flow Log version 5 fields: pkt-srcaddr, pkt-dstaddr, tcp-flags bitmask
- KMS API family, KeyUsage values, condition keys, grant tokens, XKS
- S3 SSE header values, DSSE-KMS, Object Lock COMPLIANCE vs GOVERNANCE
- Azure RBAC inheritance, GCP Audit Log defaults, EKS IRSA, Kubernetes audit stages
- Indian and cross-border law: CLOUD Act 2018, DPDP Act 2023 Section 16, IT Rules 2021 Rule 4(2)
This hard-band mock is calibrated for one-parameter discrimination, which is why every option in every item sits at the same level of abstraction and the same canonical form. Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 20 questions
Amazon Web Services
Amazon S3 User Guide: Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)
Open source - cited in 2 questions
Ministry of Electronics and Information Technology
Digital Personal Data Protection Act 2023, Section 16: Processing of personal data outside India
Open source - cited in 2 questions
- cited in 1 question
Cloud Native Computing Foundation
Kubernetes documentation: Auditing, audit stages and audit policy
Open source - cited in 1 question
NIST Special Publication 800-61 Revision 2
Computer Security Incident Handling Guide (Cichonski, Millar, Grance, Scarfone, August 2012)
Open source - cited in 1 question
OpenID Foundation and OASIS
OpenID Connect Core 1.0, sub claim; SAML 2.0 Core, Subject and NameID
Open source - cited in 1 question
United States Government
Clarifying Lawful Overseas Use of Data (CLOUD) Act 2018, Public Law 115-141 Division V
Open source - cited in 1 question
- cited in 1 question
OpenID Foundation
OpenID Connect Core 1.0, acr and amr claims; OASIS SAML AuthnContextClassRef
Open source
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
What does the Digital Forensics: Cloud Security and Cloud Forensics Advanced mock cover?+
Advanced FACT-style drill on cloud security and cloud forensics, calibrated to the hardest band of the syllabus. Thirty single-best-answer items on IAM evaluation precedence with explicit Deny, AWS condition keys including aws:PrincipalArn, aws:SourceArn, aws:SourceAccount, kms:ViaService and kms:GrantOperations, the iam:PassRole + iam:CreatePolicyVersion + iam:SetDefaultPolicyVersion privilege escalation chain, sts:AssumeRole session principal ARN parsing, CloudTrail ConsoleLogin mfaUsed and ev
How many questions and how long is the test?+
30 multiple-choice questions, 30 minutes total. Difficulty: hard. Tier: Premium.
Who is this mock for?+
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?+
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?+
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.