CompTIA PenTest+ (PT0-002) — Question 450

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

Answer options

• A. Whether the cloud service provider allows the penetration tester to test the environment
• B. Whether the specific cloud services are being used by the application
• C. The geographical location where the cloud services are running
• D. Whether the country where the cloud service is based has any impeding laws

Correct answer: A

Explanation

The correct answer is A because obtaining permission from the cloud service provider is crucial before conducting any tests to avoid legal and ethical issues. Options B, C, and D, while important considerations, do not take precedence over ensuring that testing is authorized by the provider.