A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor.
Which of the following has MOST likely occurred?
A . A stolen two factor token and a memory mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token.
B . An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk.
C . A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.
D . A virtual guest was left un-patched and an attacker was able to use a privilege escalation attack to gain unauthorized access.
Answer: C
Leave a Reply