The correct answer is D. Secrets enumeration
When exposed cloud storage buckets are discovered, the tester should enumerate the contents for sensitive data such as API keys, access tokens, private keys, credentials, configuration files, database backups, source code, or other secrets. This is commonly referred to as secrets enumeration and is a key cloud assessment activity.
A is incorrect because protocol fingerprinting identifies protocols or services in use, but it does not help access or review bucket contents.
B is incorrect because credential brute forcing is intrusive, noisy, and often outside the expected safe approach unless explicitly authorized. The question states the buckets are exposed, so brute forcing is not the correct next step.
C is incorrect because service discovery identifies available services, but the storage buckets have already been discovered. The next step is to enumerate their accessible contents.
In PenTest+ terms, this falls under Information Gathering and Vulnerability Scanning, specifically cloud enumeration, exposed storage review, and identifying sensitive information in publicly accessible cloud resources.
