The SecOps Group CCPenX-Az Actual Free Exam Questions & Community Discussion

  • Exam Code/Number: CCPenX-Az
  • Exam Name/Title: Certified Cloud Pentesting eXpert - Azure
  • Certification Provider: The SecOps Group
  • Corresponding Certification: Cloud Pentesting eXpert
  • Exam Questions: 33
  • Updated On: Jul 15, 2026
You've discovered that the compromised user holds directory-level privileges. Enumerate how this role can be abused to compromise another user in the directory. What is the Job Title attribute of the compromised target user?
Correct Answer:
See the Answer in Explanation below.
Explanation:
Flag{92c8bfe4a73f48a6bd94e62fca2179dd}
Detailed Solution:
As the second compromised user, enumerate directory users:
az ad user list --output table
Use a cleaner query to show names, UPNs, and job titles:
az ad user list \
--query " [].{DisplayName:displayName,UPN:userPrincipalName,JobTitle:jobTitle} " \
--output table
You should identify a target user whose profile contains a flag in the jobTitle attribute.
The important target is:
[email protected]
Her jobTitle field contains:
Flag{92c8bfe4a73f48a6bd94e62fca2179dd}
Because the compromised user has User Administrator, you can reset this target user's password and later authenticate as her.
Final answer:
Flag{92c8bfe4a73f48a6bd94e62fca2179dd}
Inside the public blob container, a file named backup-config.json contains service principal credentials. What field contains the App Registration client ID?
Correct Answer: A Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Using a discovered SAS token with read/list permissions, enumerate blobs inside the sensitive-exports container. Which file contains credentials?
Correct Answer:
See the Answer in Explanation below.
Explanation:
service-principal-creds.json
Detailed Solution:
Set variables:
ACCOUNT= " prodreportstore01 "
CONTAINER= " sensitive-exports "
SAS= " ?sv=2025-01-05 & ss=b & srt=sco & sp=rl & se=2026-08-01T00:00:00Z & sig= < signature > " List blobs:
az storage blob list \
--account-name " $ACCOUNT " \
--container-name " $CONTAINER " \
--sas-token " $SAS " \
--query " [].name " \
--output table
Expected output:
Name
----------------------------
monthly-report.csv
service-principal-creds.json
readme.txt
The credential file is:
service-principal-creds.json
================
The App Service has a system-assigned managed identity enabled. Identify the managed identity principal ID.
Correct Answer:
See the Answer in Explanation below.
Explanation:
b72a4c19-92f6-47f3-b3dd-9db5a31831d1
Detailed Solution:
Run:
az webapp identity show \
--name finance-reporting-api \
--resource-group rg-prod-apps-eastus \
--output json
Expected output:
{
" principalId " : " b72a4c19-92f6-47f3-b3dd-9db5a31831d1 " ,
" tenantId " : " 8f34c1de-1198-4c2a-b1a8-1eaa72f6e99a " ,
" type " : " SystemAssigned "
}
The principalId is the service principal object ID of the managed identity.
Microsoft documents that managed identities provide Azure-managed identities for applications and eliminate the need to manage application secrets directly.
0
0
0
10