Exam CS0-003 topic 1 question 24 discussion

Ans is B Traditional vulnerability scanners: These scanners are often designed for on-premises environments and might not be equipped to identify cloud-specific vulnerabilities or misconfigurations. Cloud platforms have unique security features: Each cloud platform (e.g., AWS, Azure, GCP) has its own security posture and configuration options, which traditional scanners might not be able to assess effectively.

While D is also apossible answer based on OWASP, but does explain the implications as per what the question is asking.

B. Cloud-specific misconfigurations may not be detected by the current scanners This is the BEST choice given the current choices.

B. Cloud-specific misconfigurations may not be detected by the current scanners

B) Cloud-specific misconfigurations If they move to an Azure or Google cloud, then Prowler, for example, wouldn't be able to scan for misconfigurations on those since it only works on AWS. Of the 4 choices, this one makes the most sense. See below for reference. From CompTIA Certmaster Topic 12B: Analyzing Cloud Vulnerabilities Prowler (github.com/toniblyx/prowler) is an audit tool for use with AWS only. It can detect misconfigurations and security issues, such as weak passwords, unpatched systems, and insecure protocol use. It can also be used to evaluate cloud infrastructure against the CIS Benchmarks™ for AWS (cisecurity.org/benchmark/amazon_web_services) and perform regulatory compliance checks.

The answer is B. Cloud-specific misconfigurations may not be detected by the current scanners.

Correct Cloud-specific misconfigurations may not be detected by the current scanners that are designed for on-premises environments, as they may not have the visibility or access to the cloud resources or the cloud provider’s APIs.