CompTIA PenTest+ (PT0-002) — Question 326

During the execution of a cloud penetration test, a tester was able to gain an initial footprint on the customer cloud infrastructure. Now the tester wants to scan the cloud resources, possible misconfigurations, and other relevant data that could be exploited. Which of the following tools should the tester most likely use?

Answer options

• A. Nikto
• B. Recon-ng
• C. Cobalt Strike
• D. Pacu

Correct answer: D

Explanation

Pacu is specifically designed for testing and exploiting vulnerabilities in Amazon Web Services (AWS) environments, making it the most appropriate choice for assessing cloud resources. Nikto is focused on web server vulnerabilities, Recon-ng is more about reconnaissance, and Cobalt Strike is geared towards advanced attack simulations, none of which are tailored for cloud-specific misconfiguration assessments.