CCPenX-Az Certified Cloud Pentesting eXpert - Azure Questions and Answers

Question # 4

ExcaliburCorp has recently migrated part of its infrastructure to Microsoft Azure. Shortly after the migration, the company suffered a security breach resulting in the exposure of sensitive internal data. Their investigation revealed that the attack originated from a disgruntled developer who has since disappeared. To assess and mitigate further risks, ExcaliburCorp has granted you access to a replica Azure environment with the same permissions the developer had at the time of the incident. Your task is to simulate the attacker’s actions, uncover the full extent of the compromise, and identify vulnerable configurations or services that enabled the breach.

Using the provided Azure login credentials, perform OSINT and reconnaissance to identify the Azure Active Directory/AAD Tenant ID associated with the environment.

Question # 5

After gaining access to the Azure tenant, enumerate all resource groups available to the compromised user. One resource group contains the word prod. What is the name of that resource group?

Question # 6

From inside the App Service environment, request an Azure Resource Manager token using the managed identity endpoint. Which resource value should be requested for Azure Resource Manager access?

A. https://graph.microsoft.com/

B. https://management.azure.com/

C. https://vault.azure.net/

D. https://storage.azure.com/

Question # 7

Authenticate to Azure as a service principal using the credentials found in backup-config.json.

Question # 8

The compromised service principal has Contributor access to a resource group but no direct Key Vault data-plane role. Can it immediately read Key Vault secret values?

A. Yes, Contributor includes secret read permissions

B. No, Contributor does not automatically grant Key Vault secret data-plane read

C. Yes, if the vault is in the same resource group

D. No, service principals cannot access Key Vault

Question # 9

With access to the Web App’s Managed Identity, you can now query certain Azure Resources. Use this access to uncover the hidden secret left behind during provisioning. What is the secret?
