🔥 3-day streak
CompTIA PenTest+ (PT0-003)16 / 175
Question 16 of 175

During the reconnaissance phase of an authorized cloud assessment for a retail company, a penetration tester wants to discover publicly exposed AWS S3 buckets belonging to the target without generating traffic directly against the client's production infrastructure. The tester has the company name, brand names, and common naming conventions the organization uses. Which approach BEST supports passive discovery of exposed storage buckets while minimizing direct interaction with the target?

Reviewed for accuracy · Report an issueNext question