ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 131 discussion

Actual exam question from CompTIA's PT0-002
Question #: 131
Topic #: 1
[All PT0-002 Questions]

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter, with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

  • A. Data flooding
  • B. Session riding
  • C. Cybersquatting
  • D. Side channel
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Neolot at Oct. 8, 2022, noon

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ronniehaang
Highly Voted 1 year, 1 month ago
Selected Answer: D
Side-channel attacks in cloud environments rely on the ability to gain access that allows penetration testers to capture information by leveraging shared underlying hardware. Infrastructure as a service (IaaS) environments deploy multiple virtual machines on the same hardware platform, meaning that attackers may be able to use shared resources or compromise of the virtualization or containerization system itself to gain access to data without compromising the target system itself. It leverages a remnant data vulnerability when virtual drives are resized. Fortunately, the major players in the IaaS space have prevented this issue by using encrypted volumes and other techniques to ensure remnant data is no longer an issue. Despite this, side-channel attacks will always remain a concern while systems share underlying hardware.
upvoted 8 times
...
NotAHackerJustYet
Highly Voted 1 year ago
Selected Answer: D
The most concerning attack type to the company is D. Side Channel Attacks. Side channel attacks are a type of attack that allows an attacker to obtain privileged information (such as passwords, encryption keys, etc.) by exploiting the physical characteristics of the computer system. For example, an attacker could measure the power consumption of the system over time to infer the encryption key used. In this case, the company is concerned about the protection of its VMs, which are hosted in a datacenter with other companies sharing physical resources. Thus, a side channel attack is the most concerning attack type as it could potentially allow an attacker to gain access to the VMs without needing to compromise the security of the cloud provider. The other options are not as concerning as side channel attacks, as they typically involve the attacker gaining access to a user's session (Session Riding) or hijacking a domain name (Cybersquatting), or overwhelming a system with malicious data (Data Flooding).
upvoted 5 times
...
Neolot
Most Recent 1 year, 4 months ago
Selected Answer: D
https://www.techtarget.com/searchsecurity/definition/side-channel-attack#:~:text=Side%2Dchannel%20attacks%20can%20even,share%20the%20same%20physical%20hardware
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel