Which of the following cloud-based solutions should be MOST concerned about this vulnerability?

A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster.
Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?
A. Single-tenant private cloud
B. Multitenant SaaS cloud
C. Single-tenant hybrid cloud
D. Multitenant IaaS cloud
E. Multitenant PaaS cloud
F. Single-tenant public cloud

How to PASS CAS-004 in First Attempt?

FULL Printable PDF and Software. VALID exam to help you PASS.

comptia-exams

4 thoughts on “Which of the following cloud-based solutions should be MOST concerned about this vulnerability?

  1. I would choose C.

    “A major security risk, beyond those for IaaS, is an application breaking out from its sandbox. Containers were not originally designed to be secure against breakout (particularly if the user is able to utilize some vulnerability to obtain root privileges). Programming language sandboxes have been found to be even more fragile; for example, new vulnerabilities are typically found and patched in the Java virtual machine every month.” https://www.ssh.com/academy/cloud/paas

  2. PaaS Security Concerns
    PaaS allows companies to build, run and ultimately manage Web applications without the infrastructure that is normally required.
    Since PaaS is based on the notion of using shared resources (such as hardware, network, and security provisions), security concerns are usually focused on mission-critical information that hackers can obtain during a data breach. If the PaaS tenants have Administrator/’root’, or shell access to the servers running their instances, additional security issues could arise if hackers are able to gain unauthorized access and change configurations. Additionally, security controls and self-service entitlements offered by the PaaS platform could pose a problem if not properly configured. Providers should be able to provide clear policies, guidelines, and adhere to industry accepted best practices.

    1. Source:

      With multi-tenancy resources are shared by multiple users. For example, two or more tenants
      could have their OSs running on the same server or two or running an instance of the same
      application with different data. Depending on the cloud deployment model the level of
      importance and sharing of multi-tenancy would be different [CSA09]; but without any doubt
      Infrastructure-as-a-Service (IaaS) in public clouds creates the most risks off all.

      https://www.ma.rhul.ac.uk/static/techrep/2012/MA-2012-12.pdf

      5
      1

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.