Skip to content
Digital Forensicshard Premium

Digital Forensics: Cloud Security and Cloud Forensics Advanced

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

Advanced FACT-style drill on cloud security and cloud forensics, calibrated to the hardest band of the syllabus. Thirty single-best-answer items on IAM evaluation precedence with explicit Deny, AWS condition keys including aws:PrincipalArn, aws:SourceArn, aws:SourceAccount, kms:ViaService and kms:GrantOperations, the iam:PassRole + iam:CreatePolicyVersion + iam:SetDefaultPolicyVersion privilege escalation chain, sts:AssumeRole session principal ARN parsing, CloudTrail ConsoleLogin mfaUsed and eventCategory filters, VPC Flow Log version 5 pkt-srcaddr and tcp-flags bitmask reading, KMS GenerateDataKey family selection and KeyUsage SIGN_VERIFY vs ENCRYPT_DECRYPT, S3 server-side encryption header values including aws:kms:dsse for DSSE-KMS, S3 Object Lock GOVERNANCE vs COMPLIANCE retention, Azure RBAC scope inheritance and Diagnostic Settings AuditEvent, GCP Audit Logs Admin Activity vs Data Access defaults, EKS IRSA AssumeRoleWithWebIdentity flow, Kubernetes audit policy stages RequestReceived to ResponseComplete, NIST SP 800-61 Rev 2 IR phases, CLOUD Act 2018 Section 103 extra-territorial reach, India-US MLAT routing with DPDP Act 2023 Section 16, IT Rules 2021 Rule 4(2) SSMI traceability, SAML 2.0 Subject vs OIDC sub claim and SAML AuthnContextClassRef vs OIDC acr, mTLS at NLB passthrough vs ALB vs API Gateway, CloudTrail log file validation digest schema, and BYOK vs HYOK vs AWS KMS External Key Store.

Built for FACT aspirants, NFSU MSc Digital Forensics candidates, GCFA cloud-evidence pathways, SANS FOR509 prep, and AWS Certified Security Specialty candidates who want the hard-band differentiation between near-twin AWS, Azure, and GCP concepts. Every option set differs from the correct answer on a single parameter, so partial recall of the topic will not be enough to score well.

Topics covered:

  • IAM policy evaluation: explicit Deny, cross-account two-way grant, condition keys
  • Privilege escalation chains via iam:PassRole and IAM policy versioning
  • CloudTrail event reading: AssumeRole session principal, ConsoleLogin, eventCategory
  • VPC Flow Log version 5 fields: pkt-srcaddr, pkt-dstaddr, tcp-flags bitmask
  • KMS API family, KeyUsage values, condition keys, grant tokens, XKS
  • S3 SSE header values, DSSE-KMS, Object Lock COMPLIANCE vs GOVERNANCE
  • Azure RBAC inheritance, GCP Audit Log defaults, EKS IRSA, Kubernetes audit stages
  • Indian and cross-border law: CLOUD Act 2018, DPDP Act 2023 Section 16, IT Rules 2021 Rule 4(2)

This hard-band mock is calibrated for one-parameter discrimination, which is why every option in every item sits at the same level of abstraction and the same canonical form. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Amazon Web Services

    Amazon S3 User Guide: Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)

    Open source
    cited in 20 questions
  • Ministry of Electronics and Information Technology

    Digital Personal Data Protection Act 2023, Section 16: Processing of personal data outside India

    Open source
    cited in 2 questions
  • Microsoft

    Azure documentation: Understand Azure role assignments and scope inheritance

    Open source
    cited in 2 questions
  • Cloud Native Computing Foundation

    Kubernetes documentation: Auditing, audit stages and audit policy

    Open source
    cited in 1 question
  • NIST Special Publication 800-61 Revision 2

    Computer Security Incident Handling Guide (Cichonski, Millar, Grance, Scarfone, August 2012)

    Open source
    cited in 1 question
  • OpenID Foundation and OASIS

    OpenID Connect Core 1.0, sub claim; SAML 2.0 Core, Subject and NameID

    Open source
    cited in 1 question
  • United States Government

    Clarifying Lawful Overseas Use of Data (CLOUD) Act 2018, Public Law 115-141 Division V

    Open source
    cited in 1 question
  • Google Cloud

    Google Cloud documentation: Cloud Audit Logs overview and default behaviour

    Open source
    cited in 1 question
  • OpenID Foundation

    OpenID Connect Core 1.0, acr and amr claims; OASIS SAML AuthnContextClassRef

    Open source
    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Digital Forensics: Cloud Security and Cloud Forensics Advanced mock cover?+

Advanced FACT-style drill on cloud security and cloud forensics, calibrated to the hardest band of the syllabus. Thirty single-best-answer items on IAM evaluation precedence with explicit Deny, AWS condition keys including aws:PrincipalArn, aws:SourceArn, aws:SourceAccount, kms:ViaService and kms:GrantOperations, the iam:PassRole + iam:CreatePolicyVersion + iam:SetDefaultPolicyVersion privilege escalation chain, sts:AssumeRole session principal ARN parsing, CloudTrail ConsoleLogin mfaUsed and ev

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: hard. Tier: Premium.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.