Q: 1
[Incident Handling and Response Process]
Alice is a disgruntled employee. She decided to acquire critical information from her organization for
financial benefit. To acccomplish this, Alice started running a virtual machine on the same physical
host as her victim's virtual machine and took advantage of shared physical resources (processor
cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type
of attack Alice is performing in the above scenario.
Options
Discussion
A. unless the VM isolation broke some other way, but cache attacks point to A here.
Option A here. Cache-based data theft between VMs is textbook side channel, not service hijack or cloud sync stuff. Pretty sure about this, but if someone sees another angle chime in.
A . B is tempting but the shared CPU cache means it's textbook side channel, not service hijacking.
Option A is the right pick. Side channel attacks are all about exploiting hardware resources like CPU cache, which fits this scenario better than the other choices. Service hijacking might look tempting but doesn't involve this kind of info leak. Disagree?
A
Seen questions like this in official practice tests. If you want more on side channel techniques, the EC-Council courseware actually covers some solid scenarios.
Most guides point to A for cache attacks between VMs, matches EC-Council's official materials I've seen. Worth re-reading the incident response section and grabbing a few lab scenarios if you want more clarity.
Cache timing between VMs usually means side channel right? Not seeing why it would be B or D based on exam reports.
Not D, it's A. Service hijacking sounds tempting but the cache method is classic side channel stuff here. Open to pushback though.
This is A. Similar scenario showed up in the official guide, so check that and maybe some practice tests for deeper dives.
A tbh. D is cloud sync, which doesn't fit the CPU cache trick here.
Be respectful. No spam.
