312-50V13 · Question #414
312-50V13 Question #414: Real Exam Question with Answer & Explanation
The correct answer is C: Cloudborne attack. The scenario describes a vulnerability in a bare-metal cloud server that allows persistent firmware backdoors even after reallocation, which is characteristic of a Cloudborne attack.
Question
Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an laaS. What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?
Options
- AMan-in-the-cloud (MITC) attack
- BCloud cryptojacking
- CCloudborne attack
- DMetadata spoofing attack
Explanation
The scenario describes a vulnerability in a bare-metal cloud server that allows persistent firmware backdoors even after reallocation, which is characteristic of a Cloudborne attack.
Common mistakes.
- A. A Man-in-the-cloud (MITC) attack typically involves compromising cloud storage synchronization tokens to gain unauthorized access to cloud data, not firmware backdoors on bare-metal servers.
- B. Cloud cryptojacking involves using a victim's cloud resources to mine cryptocurrency without their permission, rather than implanting firmware backdoors.
- D. Metadata spoofing attack involves manipulating or forging metadata to gain unauthorized access or bypass security controls, which is distinct from exploiting server firmware.
Concept tested. Cloudborne attack on bare-metal server firmware
Topics
Community Discussion
No community discussion yet for this question.