An organization is implementing a virtualized thin-client solution for normal user computing and access. During a review of the architecture, concerns were raised that an attacker could gain access to multiple user environments by simply gaining a foothold on a single one with malware. Which of the following reasons BEST explains this?
A. Malware on one virtual environment could enable pivoting to others by leveraging vulnerabilities in the hypervisor.
B. A worm on one virtual environment could spread to others by taking advantage of guest OS networking services vulnerabilities.
C. One virtual environment may have one or more application-layer vulnerabilities, which could allow an attacker to escape that environment.
D. Malware on one virtual user environment could be copied to all others by the attached network storage controller.
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Going with A.
The company is worried about the attacker gaining access to multiple systems from one system, not necessarily the specific type of procedure.
C simply states that the attacker will use vulnerabilities to escape. We can imply the purpose (i.e VM escape to gain access to other systems) but A explicitly states the intent/goal of the attacker (do x, get y)
A | pivot to gain access to multiple systems (no implying needed)
C | use application layer vulnerabilities to escape (need to imply intent)
Going with A.
A.
Using compromised VM as foothold to attack others. Pivoting.
https://hackmag.com/security/htb-pivoting/
A – that is the very definition of pivoting
C – The most talked about vulnerability within the virtual environment is vm escape.
C?