Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCFR Topic 10 Question 39 Discussion

Actual exam question for GIAC's GCFR exam
Question #: 39
Topic #: 10
[All GCFR Questions]

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Agustin at Mar 08, 2025, 07:58 AM

Limited Time Offer

25%

Off

Get Premium GCFR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bev
2 months ago
D is definitely the way to go here. Permissions are everything when it comes to accessing that Unified Audit Log. Though I have to say, the idea of disabling MFA just to get this working is about as smart as using Internet Explorer for a cybersecurity investigation.
upvoted 0 times
Jill
16 days ago
D) Check the permissions of the account used in Microsoft 365
upvoted 0 times
...
Hassie
28 days ago
B) Ensure that MFA has been disabled for The account used
upvoted 0 times
...
Amira
1 months ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Yuriko
2 months ago
Ah, the joys of troubleshooting tech issues. I bet they're wishing they had a magic 8-ball to solve this one. Maybe they should try throwing some glitter at the problem - that's how I fix all my computer troubles!
upvoted 0 times
Candida
7 days ago
C) Check that they are using PowerShell Core
upvoted 0 times
...
Vernice
8 days ago
B) Ensure that MFA has been disabled for The account used
upvoted 0 times
...
Karl
12 days ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Marylou
2 months ago
Hmm, PowerShell Core, eh? Sounds like they're trying to be a trendy investigator. But hey, if it works, it works. Though I gotta say, turning off MFA is a bold move - not sure I'd recommend that one.
upvoted 0 times
...
Serina
2 months ago
Maybe they should also ensure their system has .NET version 4.0 or later installed.
upvoted 0 times
...
Noe
2 months ago
D is the way to go here. Permissions are key when it comes to accessing the Unified Audit Log. I bet they forgot to give the account the necessary admin rights.
upvoted 0 times
Geoffrey
2 months ago
User2: Absolutely, without the right permissions, you can't access the Unified Audit Log.
upvoted 0 times
...
Boris
2 months ago
User1: D is definitely important. Permissions can cause a lot of issues.
upvoted 0 times
...
...
Marti
2 months ago
I agree with Paola. It's important to make sure the account has the necessary permissions.
upvoted 0 times
...
Clarence
2 months ago
Ah, the classic 'command not found' error. Looks like they need to check their PowerShell version and permissions. Let's hope they don't try to solve this by turning off MFA - that would be a security nightmare!
upvoted 0 times
Svetlana
2 months ago
D) Check the permissions of the account used in Microsoft 365
upvoted 0 times
...
Bulah
2 months ago
C) Check that they are using PowerShell Core
upvoted 0 times
...
Danilo
2 months ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Paola
3 months ago
I think the investigator should check the permissions of the account used in Microsoft 365.
upvoted 0 times
...

Save Cancel