CompTIA PenTest+ (PT1-002) — Question 1

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

Answer options

• A. Whether the cloud service provider allows the penetration tester to test the environment
• B. Whether the specific cloud services are being used by the application
• C. The geographical location where the cloud services are running
• D. Whether the country where the cloud service is based has any impeding laws

Correct answer: A

Explanation

The correct answer is A because obtaining permission from the cloud service provider is crucial to ensure that the testing is authorized and compliant with regulations. Options B, C, and D, while important considerations, do not take precedence over the need for explicit permission to conduct penetration testing.