Certified Ethical Hacker (CEH v12) — Question 305

Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS.

What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?

Answer options

• A. Cloudborne attack
• B. Man-in-the-cloud (MITC) attack
• C. Metadata spoofing attack
• D. Cloud cryptojacking

Correct answer: A

Explanation

The correct answer is A, Cloudborne attack, as it refers to vulnerabilities in cloud environments that can lead to persistent threats like backdoors. The other options describe different types of attacks that do not specifically address the scenario of exploiting server firmware vulnerabilities for persistent access.