CompTIA PenTest+ (PT0-002) — Question 28
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?
Answer options
- A. Whether sensitive client data is publicly accessible
- B. Whether the connection between the cloud and the client is secure
- C. Whether the client's employees are trained properly to use the platform
- D. Whether the cloud applications were developed using a secure SDLC
Correct answer: A
Explanation
The first step in assessing this risk is to verify whether sensitive client data is exposed to the public, since public exposure could lead to a data breach. Connection security, employee training, and secure development practices are important, but they are secondary to confirming that sensitive information is safeguarded from unauthorized access.