nerdexam
EC-Council

312-50V11 · Question #974

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to

The correct answer is C. Cloudborne attack. A Cloudborne attack exploits firmware vulnerabilities in bare-metal cloud servers to implant persistent backdoors that survive server wiping and reallocation, compromising subsequent IaaS tenants using the same hardware.

Cloud Computing

Question

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an laaS. What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

Options

  • AMan-in-the-cloud (MITC) attack
  • BCloud cryptojacking
  • CCloudborne attack
  • DMetadata spoofing attack

How the community answered

(32 responses)
  • A
    9% (3)
  • B
    3% (1)
  • C
    84% (27)
  • D
    3% (1)

Why each option

A Cloudborne attack exploits firmware vulnerabilities in bare-metal cloud servers to implant persistent backdoors that survive server wiping and reallocation, compromising subsequent IaaS tenants using the same hardware.

AMan-in-the-cloud (MITC) attack

Man-in-the-cloud (MITC) attacks abuse legitimate cloud synchronization token mechanisms such as those used by OneDrive or Dropbox to intercept data and maintain persistence, and are unrelated to bare-metal firmware backdoors.

BCloud cryptojacking

Cloud cryptojacking involves unauthorized hijacking of a victim's cloud compute resources to mine cryptocurrency, not implanting firmware-level backdoors that persist through hardware reallocation.

CCloudborne attackCorrect

The Cloudborne attack targets the baseboard management controller (BMC) or firmware layer of bare-metal cloud servers, where attackers can embed malicious backdoors that are not erased during standard server re-provisioning processes. Because firmware persists across operating system reinstalls and disk wipes, a new IaaS customer receiving the same physical hardware unknowingly inherits the compromised firmware. This hardware-level persistence across tenant boundaries is the defining characteristic of the Cloudborne attack vector.

DMetadata spoofing attack

Metadata spoofing attacks exploit cloud instance metadata endpoints such as AWS IMDSv1 to steal IAM credentials or tokens, not to implant persistent backdoors in bare-metal server firmware.

Concept tested: Cloudborne attack exploiting bare-metal cloud firmware

Source: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-cloud-attack/

Topics

#cloudborne attack#bare-metal server#firmware backdoor#IaaS vulnerability

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice