GIAC Exam GCFR Topic 10 Question 39 Discussion

Actual exam question for GIAC's GCFR exam

Question #: 39
Topic #: 10

[All GCFR Questions]

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

AEnsure their system has .NFT version 4.b or later Installed

BEnsure that MFA has been disabled for The account used

CCheck that they are using PowerShell Core

DCheck the permissions of the account used in Microsoft 365

Show Suggested Answer

Suggested Answer: C

by Agustin at Mar 08, 2025, 07:58 AM

Limited Time Offer

25%

Off

Get Premium GCFR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Serina

1 days ago

Maybe they should also ensure their system has .NET version 4.0 or later installed.

upvoted 0 times

...

Noe

1 days ago

D is the way to go here. Permissions are key when it comes to accessing the Unified Audit Log. I bet they forgot to give the account the necessary admin rights.

upvoted 0 times

...

Marti

5 days ago

I agree with Paola. It's important to make sure the account has the necessary permissions.

upvoted 0 times

...

Clarence

9 days ago

Ah, the classic 'command not found' error. Looks like they need to check their PowerShell version and permissions. Let's hope they don't try to solve this by turning off MFA - that would be a security nightmare!

upvoted 0 times

...

Paola

16 days ago

I think the investigator should check the permissions of the account used in Microsoft 365.

upvoted 0 times

...