CompTIA PenTest+ (PT0-002) — Question 345
A penetration tester is assessing the security of a client’s externally facing cloud infrastructure. After running reconnaissance, the tester notices that several services and systems are exposed, including a web server, application server, storage buckets, and an unknown portal requiring authentication. After closely examining each of the exposed resources, the tester stumbles upon confidential documents available without any security controls. Which of the following is the most likely reason the resources are exposed?
Answer options
- A. IAM misconfiguration
- B. Federation misconfiguration
- C. Access token misconfiguration
- D. Object storage misconfiguration
Correct answer: D
Explanation
The correct answer is D: confidential documents available without any security controls indicate that the object storage (the exposed storage buckets) is misconfigured, allowing unauthorized access. Options A, B, and C refer to other aspects of cloud security that do not directly pertain to the storage of documents, so they are less likely to be the cause of the exposure.