Certified Ethical Hacker (CEH v11) — Question 360

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS.
What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

Answer options

• A. Cloudborne attack
• B. Man-in-the-cloud (MITC) attack
• C. Metadata spoofing attack
• D. Cloud cryptojacking

Correct answer: A

Explanation

The correct answer is A, Cloudborne attack, as the vulnerability allows for persistent backdoors that can affect multiple users of the server. The other options do not specifically relate to the concept of a vulnerability in firmware that persists through reallocations of cloud resources, making them less relevant in this scenario.