Exam PT0-002 topic 1 question 288 discussion

Actual exam question from CompTIA's PT0-002
Question #: 288
Topic #: 1

During the assessment of a client's cloud and on-premises environments, a penetration tester was able to gain ownership of a storage object within the cloud environment using the provided on-premises credentials.

Which of the following BEST describes why the tester was able to gain access?

  • A. Federation misconfiguration of the container
  • B. Key mismanagement between the environments
  • C. IaaS failure at the provider
  • D. Container listed in the public domain
Suggested Answer: A

Comments

manognavenkat
2 days, 18 hours ago
Selected Answer: B
Federation typically refers to identity federation, where an external identity provider is used for authentication. A misconfiguration in this context could allow unauthorized access, but the scenario doesn't mention any issues with federated identities or authentication systems between the on-premises and cloud environments.
upvoted 1 times
...
Etc_Shadow28000
9 months, 4 weeks ago
Selected Answer: A
A. Federation misconfiguration of the container: Federation allows users to use the same credentials across different systems, such as on-premises and cloud environments.
B. Key mismanagement between the environments: This refers to improper handling or sharing of cryptographic keys. While it could be a reason for unauthorized access, the scenario specifically mentions gaining access through on-premises credentials rather than keys.
C. IaaS failure at the provider: An Infrastructure as a Service (IaaS) failure would typically imply a problem at the cloud provider’s end, affecting the availability or security of the infrastructure. However, this scenario points to an issue with credentials and configuration rather than a provider failure.
D. Container listed in the public domain: This would mean the storage object is publicly accessible, but the scenario describes gaining access using on-premises credentials, which indicates a permission or configuration issue rather than public exposure.
upvoted 4 times
...
Liaticce856
11 months, 1 week ago
Selected Answer: B
Just asked a Cloud Security expert. The answer is B. Storage object is not related to a container which is a virtual image
upvoted 1 times
...
Big_Dre
1 year ago
Selected Answer: B
B. Key mismanagement between the environments
upvoted 1 times
...
LiveLaughToasterBath
1 year, 2 months ago
Selected Answer: A
Key management has to do with encryption. Federation (Security) misconfiguration makes more sense as credentials were accidentally switched.
upvoted 4 times
...
joe99999
1 year, 4 months ago
A is correct. Another major way into cloud environments is through exploitation of misconfigured services. Although improperly set up or overly permissive identity and access management (IAM) is one of the most commonly leveraged weaknesses, federation configuration issues, insecure object storage in services like S3, or weak configuration in containerization services can all allow you to gain a foothold in a cloud environment. --CompTIA PenTest+ Study Guide: Exam PT0-002, 2nd Edition
upvoted 2 times
...
lordguck
1 year, 4 months ago
A is correct. B would be correct if the tester had to penetrate a system to gain the credentials.
upvoted 2 times
...
[Removed]
1 year, 5 months ago
Selected Answer: B
Going with B. Seems to be a hiccup between on-prem and cloud environments.
upvoted 1 times
...
Mordor
1 year, 5 months ago
B. Key mismanagement between the environments
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other