Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCFR Exam - Topic 10 Question 39 Discussion

Actual exam question for GIAC's GCFR exam
Question #: 39
Topic #: 10
[All GCFR Questions]

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Agustin at Mar 08, 2025, 07:58 AM

Limited Time Offer

25%

Off

Get Premium GCFR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rozella
6 months ago
I thought .NET version 4.b was required for all cmdlets, is that not true?
upvoted 0 times
...
Cassi
6 months ago
Make sure you're using PowerShell Core, that's a common mistake!
upvoted 0 times
...
Stephaine
6 months ago
Wait, why would MFA need to be disabled? That seems risky.
upvoted 0 times
...
Bea
7 months ago
Definitely, permissions are key for accessing the audit log!
upvoted 0 times
...
Ty
7 months ago
You need to check the permissions of the account used in Microsoft 365.
upvoted 0 times
...
Madonna
7 months ago
I believe permissions are crucial for accessing the audit log, so maybe checking the account's permissions in Microsoft 365 could be a good first step.
upvoted 0 times
...
Samira
7 months ago
I practiced a question similar to this, and I feel like checking the PowerShell version is important, but I can't recall if it specifically needs to be PowerShell Core.
upvoted 0 times
...
Hubert
8 months ago
I think I read that MFA can sometimes cause issues with certain commands, but I'm not entirely clear on how it affects the Search-UnifiedAuditLog cmdlet.
upvoted 0 times
...
King
8 months ago
I remember something about needing the right version of .NET for certain cmdlets, but I'm not sure if it's 4.b or something else.
upvoted 0 times
...
Alison
8 months ago
I've encountered this problem before. I think the key is to make sure the account has the necessary permissions to access the Unified Audit Log. I'll carefully review the account settings.
upvoted 0 times
...
Erasmo
8 months ago
I'm a bit confused by this error. I wonder if there's some kind of compatibility issue with the ExchangeOnlineManagement module. I'll need to do some research to figure this out.
upvoted 0 times
...
Domitila
8 months ago
Okay, let's think this through step-by-step. First, I'll verify the PowerShell version and ensure I'm using the right one. Then I'll double-check the account permissions in M365.
upvoted 0 times
...
Willis
8 months ago
Hmm, this is a tricky one. I'll need to carefully check the system requirements and permissions to make sure I'm not missing anything obvious.
upvoted 0 times
...
Bev
1 year ago
D is definitely the way to go here. Permissions are everything when it comes to accessing that Unified Audit Log. Though I have to say, the idea of disabling MFA just to get this working is about as smart as using Internet Explorer for a cybersecurity investigation.
upvoted 0 times
Jill
12 months ago
D) Check the permissions of the account used in Microsoft 365
upvoted 0 times
...
Hassie
1 year ago
B) Ensure that MFA has been disabled for The account used
upvoted 0 times
...
Amira
1 year ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Yuriko
1 year ago
Ah, the joys of troubleshooting tech issues. I bet they're wishing they had a magic 8-ball to solve this one. Maybe they should try throwing some glitter at the problem - that's how I fix all my computer troubles!
upvoted 0 times
Candida
12 months ago
C) Check that they are using PowerShell Core
upvoted 0 times
...
Vernice
12 months ago
B) Ensure that MFA has been disabled for The account used
upvoted 0 times
...
Karl
12 months ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Marylou
1 year ago
Hmm, PowerShell Core, eh? Sounds like they're trying to be a trendy investigator. But hey, if it works, it works. Though I gotta say, turning off MFA is a bold move - not sure I'd recommend that one.
upvoted 0 times
...
Serina
1 year ago
Maybe they should also ensure their system has .NET version 4.0 or later installed.
upvoted 0 times
...
Noe
1 year ago
D is the way to go here. Permissions are key when it comes to accessing the Unified Audit Log. I bet they forgot to give the account the necessary admin rights.
upvoted 0 times
Geoffrey
1 year ago
User2: Absolutely, without the right permissions, you can't access the Unified Audit Log.
upvoted 0 times
...
Boris
1 year ago
User1: D is definitely important. Permissions can cause a lot of issues.
upvoted 0 times
...
...
Marti
1 year ago
I agree with Paola. It's important to make sure the account has the necessary permissions.
upvoted 0 times
...
Clarence
1 year ago
Ah, the classic 'command not found' error. Looks like they need to check their PowerShell version and permissions. Let's hope they don't try to solve this by turning off MFA - that would be a security nightmare!
upvoted 0 times
Svetlana
1 year ago
D) Check the permissions of the account used in Microsoft 365
upvoted 0 times
...
Bulah
1 year ago
C) Check that they are using PowerShell Core
upvoted 0 times
...
Danilo
1 year ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Paola
1 year ago
I think the investigator should check the permissions of the account used in Microsoft 365.
upvoted 0 times
...

Save Cancel