Digital Forensics: Cloud Security and Cloud Forensics Applied Scenarios
Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 20 May 2026
About this mock
Applied-scenario drill on cloud security architecture and cloud forensics for the FACT digital forensics paper. Questions are pitched at the medium band, where a candidate must connect two cloud concepts (Shared Responsibility plus an IaaS-PaaS-SaaS breach, IAM policy JSON plus a privilege-escalation chain, CloudTrail event types plus an investigation path) rather than recall a single definition. Sub-topics cover the AWS Shared Responsibility Model across EC2, RDS, and WorkDocs; IAM policy reading for Principal, Action, Resource, and Condition; the iam:PassRole plus iam:CreatePolicyVersion escalation pattern; envelope encryption with AWS KMS; SSE-S3 vs SSE-KMS vs SSE-C selection; mTLS at the Application Load Balancer; CloudTrail data events vs management events for S3 object-level breaches; AssumeRole chain reading for cross-account attacks; EBS snapshot preservation under legal hold; VPC Flow Log field interpretation; Lambda forensics via CloudWatch Logs and X-Ray; EKS pod IAM via IRSA; CSPM vs CWPP vs CNAPP selection; CLOUD Act vs MLAT routing; DPDP Act 2023 cross-border rules; SAML 2.0 and OIDC token verification; KMS key rotation; BYOK vs HYOK custody; CloudTrail integrity validation; Azure Activity Log vs Diagnostic Settings; GCP Admin Activity vs Data Access logs; NIST SP 800-207 zero trust; NIST SP 800-86 forensic phases; NIST IR 8006 ephemeral-resource challenges; and CSA Cloud Controls Matrix v4 domains.
Designed for FACT aspirants, NFSU MSc cyber forensics candidates, and cloud incident responders who want a fast self-check against the AWS, Azure, and Google Cloud security stacks together. Citations are grounded in AWS, Microsoft, and Google official documentation, NIST SP 800-86, NIST SP 800-207, NIST IR 8006, OASIS SAML 2.0, OpenID Connect Core 1.0, the CLOUD Act 2018, and the Digital Personal Data Protection Act 2023.
Topics covered:
- Shared Responsibility scenarios across IaaS, PaaS, and SaaS breaches
- IAM policy reading and privilege-escalation chains in AWS
- Envelope encryption, key rotation, BYOK, and HYOK custody models
- CloudTrail management vs data events and integrity validation
- Cloud-platform investigation in AWS, Azure, and GCP audit logs
- Lambda, EKS, and container forensic surfaces and limits
- CSPM vs CWPP vs CNAPP and CCM v4 control mapping
- Zero trust, MLAT and CLOUD Act routing, and DPDP Act 2023 transfers
A medium-band paper that rewards joined-up thinking over single-fact recall. Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 19 questions
Amazon Web Services
AWS SaaS shared responsibility guidance and Amazon WorkDocs documentation
Open source - cited in 1 question
Ministry of Electronics and Information Technology
Digital Personal Data Protection Act 2023, Section 16 on processing personal data outside India
Open source - cited in 1 question
- cited in 1 question
NIST Interagency Report 8006
NIST Cloud Computing Forensic Science Challenges (2020 draft), Ephemerality of Cloud Resources
Open source - cited in 1 question
Ministry of Home Affairs, Government of India
Comprehensive Guidelines for Investigation Abroad and MLAT requests
Open source - cited in 1 question
OASIS
Security Assertion Markup Language (SAML) v2.0 Core, Section 2.5 on Conditions and SubjectConfirmation
Open source - cited in 1 question
Cloud Security Alliance
Cloud Controls Matrix v4, Data Security and Privacy Lifecycle Management (DSP) domain
Open source - cited in 1 question
NIST Special Publication 800-86
Guide to Integrating Forensic Techniques into Incident Response, Section 3 Forensic Process
Open source - cited in 1 question
Gartner / Cloud Security Alliance
Gartner Market Guide for Cloud-Native Application Protection Platforms and CSA Cloud Controls Matrix
Open source - cited in 1 question
NIST Special Publication 800-207
Zero Trust Architecture (Rose, Borchert, Mitchell, Connelly, August 2020), Section 2 tenets
Open source - cited in 1 question
- cited in 1 question
Microsoft
Azure Monitor documentation, Activity Log overview and subscription-scope events
Open source
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
How many questions and how long is the test?
30 multiple-choice questions, 30 minutes total. Difficulty: medium. Tier: Premium.
Who is this mock for?
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.