The SecOps Group CCPenX-Az Actual Free Exam Questions & Community Discussion

  • Exam Code/Number: CCPenX-Az
  • Exam Name/Title: Certified Cloud Pentesting eXpert - Azure
  • Certification Provider: The SecOps Group
  • Corresponding Certification: Cloud Pentesting eXpert
  • Exam Questions: 33
  • Updated On: Jul 15, 2026
ExcaliburCorp has recently migrated part of its infrastructure to Microsoft Azure. Shortly after the migration, the company suffered a security breach resulting in the exposure of sensitive internal data. Their investigation revealed that the attack originated from a disgruntled developer who has since disappeared. To assess and mitigate further risks, ExcaliburCorp has granted you access to a replica Azure environment with the same permissions the developer had at the time of the incident. Your task is to simulate the attacker's actions, uncover the full extent of the compromise, and identify vulnerable configurations or services that enabled the breach.
Using the provided Azure login credentials, perform OSINT and reconnaissance to identify the Azure Active Directory/AAD Tenant ID associated with the environment.
Correct Answer:
See the Answer in Explanation below.
Explanation:
f015f36d-c07f-41fb-9bde-fffc3a22ee8b
Detailed Solution:
Log in using the supplied breached Azure account.
az login -u [email protected] -p ' pg:Lr{k102l(fh7! ' After successful authentication, check the active Azure subscription context.
az account show
The important fields are:
{
" id " : " 7403ec86-c39d-4d80-9efa-35c7580ecefa " ,
" name " : " Azure subscription 1 " ,
" tenantDefaultDomain " : " azuresecops.onmicrosoft.com " ,
" tenantDisplayName " : " ExcaliburCorp " ,
" tenantId " : " f015f36d-c07f-41fb-9bde-fffc3a22ee8b "
}
The AAD / Microsoft Entra tenant ID is the tenantId.
Final answer:
f015f36d-c07f-41fb-9bde-fffc3a22ee8b
You find a SAS token in a table entity. The token starts with:
?sv=2025-01-05 & ss=b & srt=sco & sp=rl & se=2026-08-01T00:00:00Z
Which permissions does sp=rl grant?
Correct Answer: C Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
You are reviewing Azure Activity Logs after a lab compromise. Which operation indicates that an attacker reset another user's password through Microsoft Entra ID?
Correct Answer: B Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A compromised principal has permission to list role assignments. Identify which user has the User Access Administrator role at the resource group scope.
Correct Answer:
See the Answer in Explanation below.
Explanation:
[email protected]
Detailed Solution:
Run:
az role assignment list \
--resource-group rg-prod-apps-eastus \
--all \
--output table
Or filter by role:
az role assignment list \
--resource-group rg-prod-apps-eastus \
--role " User Access Administrator " \
--query " [].{Principal:principalName,Role:roleDefinitionName,Scope:scope} " \
--output table
Expected output:
Principal Role Scope
------------------------------------- ------------------------- ---------------------------- [email protected] User Access Administrator /subscriptions/.../rg-prod-apps-eastus Final answer:
[email protected]
0
0
0
10