New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCFR Exam - Topic 10 Question 39 Discussion

Actual exam question for GIAC's GCFR exam
Question #: 39
Topic #: 10
[All GCFR Questions]

An investigator his successfully installed the ExchangeOnlineManagement module on their investigation system and is attempting to search a client's Microsoft 365 Unified Audit Log using PowerShell. PowerShell returns a "command not found" error each time they try to execute the Search-UnifiedAuditLog cmdlet. How should the investigator troubleshoot this issue?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Agustin at Mar 08, 2025, 07:58 AM

Limited Time Offer

25%

Off

Get Premium GCFR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rozella
3 months ago
I thought .NET version 4.b was required for all cmdlets, is that not true?
upvoted 0 times
...
Cassi
3 months ago
Make sure you're using PowerShell Core, that's a common mistake!
upvoted 0 times
...
Stephaine
3 months ago
Wait, why would MFA need to be disabled? That seems risky.
upvoted 0 times
...
Bea
4 months ago
Definitely, permissions are key for accessing the audit log!
upvoted 0 times
...
Ty
4 months ago
You need to check the permissions of the account used in Microsoft 365.
upvoted 0 times
...
Madonna
4 months ago
I believe permissions are crucial for accessing the audit log, so maybe checking the account's permissions in Microsoft 365 could be a good first step.
upvoted 0 times
...
Samira
4 months ago
I practiced a question similar to this, and I feel like checking the PowerShell version is important, but I can't recall if it specifically needs to be PowerShell Core.
upvoted 0 times
...
Hubert
4 months ago
I think I read that MFA can sometimes cause issues with certain commands, but I'm not entirely clear on how it affects the Search-UnifiedAuditLog cmdlet.
upvoted 0 times
...
King
5 months ago
I remember something about needing the right version of .NET for certain cmdlets, but I'm not sure if it's 4.b or something else.
upvoted 0 times
...
Alison
5 months ago
I've encountered this problem before. I think the key is to make sure the account has the necessary permissions to access the Unified Audit Log. I'll carefully review the account settings.
upvoted 0 times
...
Erasmo
5 months ago
I'm a bit confused by this error. I wonder if there's some kind of compatibility issue with the ExchangeOnlineManagement module. I'll need to do some research to figure this out.
upvoted 0 times
...
Domitila
5 months ago
Okay, let's think this through step-by-step. First, I'll verify the PowerShell version and ensure I'm using the right one. Then I'll double-check the account permissions in M365.
upvoted 0 times
...
Willis
5 months ago
Hmm, this is a tricky one. I'll need to carefully check the system requirements and permissions to make sure I'm not missing anything obvious.
upvoted 0 times
...
Bev
10 months ago
D is definitely the way to go here. Permissions are everything when it comes to accessing that Unified Audit Log. Though I have to say, the idea of disabling MFA just to get this working is about as smart as using Internet Explorer for a cybersecurity investigation.
upvoted 0 times
Jill
9 months ago
D) Check the permissions of the account used in Microsoft 365
upvoted 0 times
...
Hassie
9 months ago
B) Ensure that MFA has been disabled for The account used
upvoted 0 times
...
Amira
9 months ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Yuriko
10 months ago
Ah, the joys of troubleshooting tech issues. I bet they're wishing they had a magic 8-ball to solve this one. Maybe they should try throwing some glitter at the problem - that's how I fix all my computer troubles!
upvoted 0 times
Candida
8 months ago
C) Check that they are using PowerShell Core
upvoted 0 times
...
Vernice
8 months ago
B) Ensure that MFA has been disabled for The account used
upvoted 0 times
...
Karl
9 months ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Marylou
10 months ago
Hmm, PowerShell Core, eh? Sounds like they're trying to be a trendy investigator. But hey, if it works, it works. Though I gotta say, turning off MFA is a bold move - not sure I'd recommend that one.
upvoted 0 times
...
Serina
10 months ago
Maybe they should also ensure their system has .NET version 4.0 or later installed.
upvoted 0 times
...
Noe
10 months ago
D is the way to go here. Permissions are key when it comes to accessing the Unified Audit Log. I bet they forgot to give the account the necessary admin rights.
upvoted 0 times
Geoffrey
10 months ago
User2: Absolutely, without the right permissions, you can't access the Unified Audit Log.
upvoted 0 times
...
Boris
10 months ago
User1: D is definitely important. Permissions can cause a lot of issues.
upvoted 0 times
...
...
Marti
11 months ago
I agree with Paola. It's important to make sure the account has the necessary permissions.
upvoted 0 times
...
Clarence
11 months ago
Ah, the classic 'command not found' error. Looks like they need to check their PowerShell version and permissions. Let's hope they don't try to solve this by turning off MFA - that would be a security nightmare!
upvoted 0 times
Svetlana
10 months ago
D) Check the permissions of the account used in Microsoft 365
upvoted 0 times
...
Bulah
10 months ago
C) Check that they are using PowerShell Core
upvoted 0 times
...
Danilo
10 months ago
A) Ensure their system has .NFT version 4.b or later Installed
upvoted 0 times
...
...
Paola
11 months ago
I think the investigator should check the permissions of the account used in Microsoft 365.
upvoted 0 times
...

Save Cancel