GIAC
GCIH · Question #752
GCIH Question #752: Real Exam Question with Answer & Explanation
The correct answer is D: HTTP Proxy.
Cloud Incident Response & Threat Hunting
Question
Which of the following logs could be queried to identify Azure, Amazon and Google storage use in an organization?
Options
- A. DNS
- B. Authentication
- C. Web Server
- D. HTTP Proxy
Explanation
HTTP proxy logs sit on the egress path, so they record every outbound web request regardless of which provider it goes to: the requesting client or authenticated user, the destination host (and URL path when the traffic is inspected), the method, and byte counts. Matching the destination host against each provider's public storage endpoints (for example *.blob.core.windows.net, *.s3.amazonaws.com, storage.googleapis.com) surfaces Azure, Amazon and Google storage use from a single data source, including unsanctioned "shadow IT" accounts that never touch the organization's identity provider.
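A worked illustration of the approach, added here and not part of the original question page: parse Squid-style proxy log lines, extract the destination host, match it against the three providers' public storage endpoint suffixes, and summarise requests and bytes per user and provider. The log lines are constructed sample data, the Squid native access.log field layout is an assumption (a custom logformat needs a different split), and the endpoint patterns are illustrative rather than exhaustive (custom domains, CDN fronts and private endpoints will not match).

```python
import re
from collections import defaultdict

# Constructed sample lines in Squid native access.log layout (assumption):
# timestamp elapsed client action/code bytes method url user hierarchy content-type
SAMPLE_LOG = """\
1700000001.101    245 10.0.0.15 TCP_TUNNEL/200 52344 CONNECT contoso.blob.core.windows.net:443 alice HIER_DIRECT/20.60.1.1 -
1700000002.202    118 10.0.0.15 TCP_MISS/200 1843 GET http://example.com/index.html alice HIER_DIRECT/93.184.216.34 text/html
1700000003.303    902 10.0.0.22 TCP_TUNNEL/200 998213 CONNECT finance-backups.s3.eu-west-1.amazonaws.com:443 bob HIER_DIRECT/52.218.1.1 -
1700000004.404    310 10.0.0.22 TCP_TUNNEL/200 40210 CONNECT storage.googleapis.com:443 bob HIER_DIRECT/142.250.1.1 -
1700000005.505     77 10.0.0.31 TCP_TUNNEL/200 2210 CONNECT drive.example.net:443 carol HIER_DIRECT/203.0.113.9 -
1700000006.606    640 10.0.0.31 TCP_TUNNEL/200 77120 CONNECT s3.amazonaws.com:443 carol HIER_DIRECT/52.216.1.1 -
1700000007.707    210 10.0.0.15 TCP_TUNNEL/200 12000 CONNECT share.file.core.windows.net:443 alice HIER_DIRECT/20.60.1.2 -
"""

# Public storage endpoint suffixes per provider. Illustrative, not exhaustive.
PROVIDER_PATTERNS = {
    "Azure Storage": re.compile(r"(^|\.)(blob|file|queue|table|dfs)\.core\.windows\.net$"),
    # Matches s3.amazonaws.com, bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com,
    # and the legacy s3-<region>.amazonaws.com form.
    "Amazon S3": re.compile(r"(^|\.)s3([.-][a-z0-9-]+)?\.amazonaws\.com$"),
    "Google Cloud Storage": re.compile(r"(^|\.)storage\.googleapis\.com$"),
}


def host_from_url(url):
    """Return the lowercase hostname from either a full URL or a CONNECT host:port."""
    if "://" in url:
        url = url.split("://", 1)[1]
    host = url.split("/", 1)[0]
    # Strip a trailing :port. Bracketed IPv6 literals are not handled here.
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.lower()


def parse_line(line):
    """Parse one Squid native access.log line into the fields we need, or None."""
    fields = line.split()
    if len(fields) < 10:
        return None
    return {
        "ts": float(fields[0]),
        "client": fields[2],
        "status": fields[3],
        "bytes": int(fields[4]),
        "method": fields[5],
        "host": host_from_url(fields[6]),
        "user": fields[7],
    }


def classify(host):
    """Return the provider name whose endpoint pattern matches host, else None."""
    for provider, pattern in PROVIDER_PATTERNS.items():
        if pattern.search(host):
            return provider
    return None


def summarize(log_text):
    """Aggregate cloud storage requests per (user, provider): count, bytes, hosts."""
    summary = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        provider = classify(rec["host"])
        if provider is None:
            continue
        entry = summary[(rec["user"], provider)]
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        entry["hosts"].add(rec["host"])
    return dict(summary)


if __name__ == "__main__":
    for (user, provider), entry in sorted(summarize(SAMPLE_LOG).items()):
        hosts = ", ".join(sorted(entry["hosts"]))
        print(f"{user:8} {provider:22} requests={entry['requests']} "
              f"bytes={entry['bytes']} hosts={hosts}")
```

Two caveats a practitioner should keep in mind: with plain CONNECT tunnels the proxy sees only the destination host and total bytes, so the URL path, bucket object names and upload-versus-download direction are only available when the proxy performs TLS inspection; and a host match is evidence of contact with the service, so confirming what was stored still needs the provider-side access logs or the bytes transferred as a lead.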
Common mistakes.
- A. DNS logs show that a client resolved a storage endpoint name, but they carry no request context (user, method, URL, bytes transferred) and a resolution does not confirm that the service was actually accessed and used.
- B. Authentication logs track login and token events tied to identity providers, not outbound data transfer to cloud storage endpoints.
- C. Web server logs are server-side records of incoming requests to a hosted service, not client-side outbound traffic destined for external cloud storage.
Concept tested. HTTP proxy log analysis for cloud storage detection
Reference. https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad
Topics
cloud storage detection, HTTP proxy logs, shadow IT, cloud service identification