CompTIA Cloud+ (CV0-003) — Question 87

A company that utilizes an IaaS service provider has contracted with a vendor to perform a penetration test on its environment. The vendor is able to exploit the virtualization layer and obtain access to other instances within the cloud provider's environment that do not belong to the company. Which of the following BEST describes this attack?

Answer options

• A. VM escape
• B. Directory traversal
• C. Buffer overflow
• D. Heap spraying

Correct answer: A

Explanation

The correct answer, VM escape, refers to a situation where a malicious actor can break out of their virtual machine and access other virtual machines on the same host, which is what happened in this scenario. The other options, such as Directory traversal and Buffer overflow, pertain to different types of vulnerabilities and exploits that do not involve accessing other virtual machines in a cloud environment.