CAS-002 Question #61: Real Exam Question with Answer & Explanation
The correct answer is C: The likelihood a malicious user will obtain proprietary information by gaining local access to.
Question
Options
- A. The ability to implement user training programs for the purpose of educating internal staff
- B. The cost of resources required to relocate services in the event of resource exhaustion on a
- C. The likelihood a malicious user will obtain proprietary information by gaining local access to
- D. Annual loss expectancy resulting from social engineering attacks against the cloud service
Explanation
The scenario highlights two critical risk factors: poor physical access control at the datacenter and VM multi-tenancy (multiple clients sharing the same physical hardware). Answer C directly addresses the compounded threat these two factors create. When VMs from different clients share physical resources and physical access controls are weak, a malicious actor who gains local (physical) access to the hardware can potentially use VM escape vulnerabilities or side-channel attacks to access data belonging to other tenants, including proprietary company information. This is the most specific and relevant risk given the described environment.
Answer A (user training) addresses internal staff, not the provider's vulnerabilities. Answer B (resource exhaustion) is an availability concern, not the primary confidentiality risk. Answer D (ALE from social engineering) is a valid metric but less specific than C to the physical/multi-tenancy risk combination described.