
The SecOps Group CCPenX-AWS - Certified Cloud Pentesting eXpert-AWS (CCPenX-AWS) Certification Exam

Question #1 (Topic: demo questions)

How would you enumerate subdomains for a given AWS application domain?

A.
See the Explanation.
Correct Answer: A
Explanation:
1. Use a subdomain wordlist with subfinder or amass:
subfinder -d example.com -o subs.txt
2. Validate with dnsx: dnsx -l subs.txt -a -resp
3. Use Google/Bing dorking for additional subdomain discovery.
4. Check for AWS-specific naming like dev.example.com.s3.amazonaws.com
5. Test discovered subdomains for active services or exposed APIs.
Question #2 (Topic: demo questions)

Describe how to crawl and spider an AWS-hosted application to enumerate all reachable endpoints and parameterized pages.

A.
See the Explanation.
Correct Answer: A
Explanation:
1. Use Burp Suite → Target → Site Map to crawl automatically.
2. Or run: gospider -s https://example.com -o spider_output/
3. Parse the output for URLs, JS endpoints, and hidden paths.
4. Look for API endpoints and potential S3 links or tokens.
5. Feed discovered endpoints into fuzzers or scanners.
Question #3 (Topic: demo questions)

How would you perform content discovery on a web server hosted in AWS to find hidden files and directories?

A.
See the Explanation.
Correct Answer: A
Explanation:
1. Use ffuf or dirsearch:
ffuf -u https://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
2. Analyze the HTTP response codes for valid directories (e.g., 200/403).
3. Modify extensions: add .php, .bak, .zip, etc.
4. Add the -e flag in ffuf for extension fuzzing: -e .php,.html,.bak
5. Explore valid paths manually or with tools like Burp Suite.
Question #4 (Topic: demo questions)

You need to perform a reverse DNS lookup on an IP you found in a previous scan. How do you determine the domain or hostname associated with it?

A.
See the Explanation.
Correct Answer: A
Explanation:
1. Open a terminal.
2. Use the command: host 203.0.113.45
3. Alternatively, run: dig -x 203.0.113.45
4. If a PTR record exists, it will return the associated domain.
5. Use the resolved domain for further DNS or HTTP-based recon.
Question #5 (Topic: demo questions)

You are assessing an AWS-hosted web application. How would you perform a DNS lookup to gather basic information about the target domain using command-line tools?


A.
See the Explanation.
Correct Answer: A
Explanation:
1. Open a terminal.
2. Run: nslookup example.com or dig example.com
3. Observe the returned A records (IPv4), NS records (nameservers), and CNAMEs if any.
4. Use dig ANY example.com to pull additional DNS data in one command.
5. Note down all IPs and hostnames for further recon.