A security consultant is conducting a penetration test against a customer enterprise that comprises local hosts and cloudbased servers. The hosting service employs a multitenancy model with elastic provisioning to meet customer demand.
The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited?
A. Data-at-rest encryption misconfiguration and repeated key usage
B. Offline attacks against the cloud security broker service
C. The ability to scrape data remnants in a multitenancy environment
D. VM escape attacks against the customer network hypervisors
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
