Scribd
Upload
26 views4 pages

Ccpenx Aws Demo

The document provides a demo version of the CCPenX-AWS exam questions and answers, focusing on techniques for assessing AWS-hosted web applications. It includes methods for DNS lookups, reverse DNS lookups, content discovery, crawling applications, and enumerating subdomains. Each question is accompanied by a step-by-step explanation of the commands and tools used for the respective tasks.

Uploaded by

averey.gohan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
26 views4 pages

Ccpenx Aws Demo

The document provides a demo version of the CCPenX-AWS exam questions and answers, focusing on techniques for assessing AWS-hosted web applications. It includes methods for DNS lookups, reverse DNS lookups, content discovery, crawling applications, and enumerating subdomains. Each question is accompanied by a step-by-step explanation of the commands and tools used for the respective tasks.

Uploaded by

averey.gohan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

The SecOps group

CCPenX-AWS Exam
eXpert

Questions & Answers


(Demo Version - Limited Content)

Thank you for Downloading CCPenX-AWS exam PDF Demo

Get Full File:


https://www.certsland.com/ccpenx-aws-dumps/

www.certsland.com
Exam Dumps 1/2

Question: 1

You are assessing an AWS-hosted web application. How would you perform a DNS lookup to gather
basic information about the target domain using command-line tools?

A. See the Explanation.

Answer: A
Explanation:

1. Open a terminal.
2. Run: nslookup example.com or dig example.com
3. Observe the returned A records (IPv4), NS records (nameservers), and CNAMEs if any.
4. Use dig ANY example.com to pull additional DNS data in one command.
5. Note down all IPs and hostnames for further recon.

Question: 2

You need to perform a reverse DNS lookup on an IP you found in a previous scan. How do you determine
the domain or hostname associated with it?

A. See the Explanation.

Answer: A
Explanation:

1. Open a terminal.
2. Use the command: host 203.0.113.45
3. Alternatively, run: dig -x 203.0.113.45
4. If PTR record exists, it will return the associated domain.
5. Use the resolved domain for further DNS or HTTP-based recon.

Question: 3

How would you perform content discovery on a web server hosted in AWS to find hidden files and
directories?

A. See the Explanation.

www.certsland.com
Exam Dumps 2/2

Answer: A
Explanation:

1. Use ffuf or dirsearch:


ffuf -u https://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
2. Analyze the HTTP response codes for valid directories (e.g., 200/403).
3. Modify extensions: add .php, .bak, .zip, etc.
4. Add -e flag in ffuf for extension fuzzing: -e .php,.html,.bak
5. Explore valid paths manually or with tools like Burp Suite.

Question: 4

Describe how to crawl and spider an AWS-hosted application to enumerate all reachable endpoints and
parameterized pages.

A. See the Explanation.

Answer: A
Explanation:

1. Use Burp Suite → Target → Site Map to crawl automatically.


2. Or run: gospider -s https://example.com -o spider_output/
3. Parse the output for URLs, JS endpoints, and hidden paths.
4. Look for API endpoints and potential S3 links or tokens.
5. Feed discovered endpoints into fuzzers or scanners.

Question: 5

How would you enumerate subdomains for a given AWS application domain?

A. See the Explanation.

Answer: A
Explanation:

1. Use a subdomain wordlist with subfinder or amass:


subfinder -d example.com -o subs.txt
2. Validate with dnsx: dnsx -l subs.txt -a -resp
3. Use Google/Bing dorking for additional subdomain discovery.
4. Check for AWS-specific naming like dev.example.com.s3.amazonaws.com
5. Test discovered subdomains for active services or exposed APIs.
1.

www.certsland.com
Thank You for trying CCPenX-AWS PDF Demo

https://www.certsland.com/ccpenx-aws-dumps/

Start Your CCPenX-AWS Preparation

[Limited Time Offer] Use Coupon " SAVE20 " for extra 20%
discount on the purchase of PDF file. Test your
CCPenX-AWS preparation with actual exam questions

www.certsland.com

You might also like