Skip to content
Digital Forensicsmedium Premium

Digital Forensics: Cloud Security and Cloud Forensics Applied Scenarios

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

Applied-scenario drill on cloud security architecture and cloud forensics for the FACT digital forensics paper. Questions are pitched at the medium band, where a candidate must connect two cloud concepts (Shared Responsibility plus an IaaS-PaaS-SaaS breach, IAM policy JSON plus a privilege-escalation chain, CloudTrail event types plus an investigation path) rather than recall a single definition. Sub-topics cover the AWS Shared Responsibility Model across EC2, RDS, and WorkDocs; IAM policy reading for Principal, Action, Resource, and Condition; the iam:PassRole plus iam:CreatePolicyVersion escalation pattern; envelope encryption with AWS KMS; SSE-S3 vs SSE-KMS vs SSE-C selection; mTLS at the Application Load Balancer; CloudTrail data events vs management events for S3 object-level breaches; AssumeRole chain reading for cross-account attacks; EBS snapshot preservation under legal hold; VPC Flow Log field interpretation; Lambda forensics via CloudWatch Logs and X-Ray; EKS pod IAM via IRSA; CSPM vs CWPP vs CNAPP selection; CLOUD Act vs MLAT routing; DPDP Act 2023 cross-border rules; SAML 2.0 and OIDC token verification; KMS key rotation; BYOK vs HYOK custody; CloudTrail integrity validation; Azure Activity Log vs Diagnostic Settings; GCP Admin Activity vs Data Access logs; NIST SP 800-207 zero trust; NIST SP 800-86 forensic phases; NIST IR 8006 ephemeral-resource challenges; and CSA Cloud Controls Matrix v4 domains.

Designed for FACT aspirants, NFSU MSc cyber forensics candidates, and cloud incident responders who want a fast self-check against the AWS, Azure, and Google Cloud security stacks together. Citations are grounded in AWS, Microsoft, and Google official documentation, NIST SP 800-86, NIST SP 800-207, NIST IR 8006, OASIS SAML 2.0, OpenID Connect Core 1.0, the CLOUD Act 2018, and the Digital Personal Data Protection Act 2023.

Topics covered:

  • Shared Responsibility scenarios across IaaS, PaaS, and SaaS breaches
  • IAM policy reading and privilege-escalation chains in AWS
  • Envelope encryption, key rotation, BYOK, and HYOK custody models
  • CloudTrail management vs data events and integrity validation
  • Cloud-platform investigation in AWS, Azure, and GCP audit logs
  • Lambda, EKS, and container forensic surfaces and limits
  • CSPM vs CWPP vs CNAPP and CCM v4 control mapping
  • Zero trust, MLAT and CLOUD Act routing, and DPDP Act 2023 transfers

A medium-band paper that rewards joined-up thinking over single-fact recall. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Amazon Web Services

    AWS SaaS shared responsibility guidance and Amazon WorkDocs documentation

    Open source
    cited in 19 questions
  • Ministry of Electronics and Information Technology

    Digital Personal Data Protection Act 2023, Section 16 on processing personal data outside India

    Open source
    cited in 1 question
  • Google Cloud

    Cloud Audit Logs overview, default enablement and log categories

    Open source
    cited in 1 question
  • NIST Interagency Report 8006

    NIST Cloud Computing Forensic Science Challenges (2020 draft), Ephemerality of Cloud Resources

    Open source
    cited in 1 question
  • Ministry of Home Affairs, Government of India

    Comprehensive Guidelines for Investigation Abroad and MLAT requests

    Open source
    cited in 1 question
  • OASIS

    Security Assertion Markup Language (SAML) v2.0 Core, Section 2.5 on Conditions and SubjectConfirmation

    Open source
    cited in 1 question
  • Cloud Security Alliance

    Cloud Controls Matrix v4, Data Security and Privacy Lifecycle Management (DSP) domain

    Open source
    cited in 1 question
  • NIST Special Publication 800-86

    Guide to Integrating Forensic Techniques into Incident Response, Section 3 Forensic Process

    Open source
    cited in 1 question
  • Gartner / Cloud Security Alliance

    Gartner Market Guide for Cloud-Native Application Protection Platforms and CSA Cloud Controls Matrix

    Open source
    cited in 1 question
  • NIST Special Publication 800-207

    Zero Trust Architecture (Rose, Borchert, Mitchell, Connelly, August 2020), Section 2 tenets

    Open source
    cited in 1 question
  • OpenID Foundation

    OpenID Connect Core 1.0, Section 3.1.3.7 ID Token Validation

    Open source
    cited in 1 question
  • Microsoft

    Azure Monitor documentation, Activity Log overview and subscription-scope events

    Open source
    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Digital Forensics: Cloud Security and Cloud Forensics Applied Scenarios mock cover?+

Applied-scenario drill on cloud security architecture and cloud forensics for the FACT digital forensics paper. Questions are pitched at the medium band, where a candidate must connect two cloud concepts (Shared Responsibility plus an IaaS-PaaS-SaaS breach, IAM policy JSON plus a privilege-escalation chain, CloudTrail event types plus an investigation path) rather than recall a single definition. Sub-topics cover the AWS Shared Responsibility Model across EC2, RDS, and WorkDocs; IAM policy readi

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: medium. Tier: Premium.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.