AWS EC2 Instance Metadata Service Attack

Questions and Answers

What is the specific target of an IMDS attack?

• Origin web servers
• AWS virtual machines (correct)
• Access keys
• Content Delivery Networks

What type of information does the IMDS service return about EC2 instances?

• CDN cache details and storage bucket permissions
• Details about assigned roles and access keys (correct)
• DoS attack prevention mechanisms
• Malicious content injection locations

What is the primary purpose of a Content Delivery Network or CDN?

• To provide access keys to different users in an organization
• To create backups of origin web servers
• To strategically store data near users for faster delivery (correct)
• To prevent denial-of-service attacks

What could be a consequence of a Content Delivery Network cache poisoning attack?

Malicious content injected into the CDN cache (D)

What do access keys provide to users in an organization?

Programmatic authentication to AWS (B)

What type of attack involves compromising an identity provider's private key to forge authentication tokens?

Golden Security Assertion Markup Language (SAML) attack (C)

In the context of security and cryptography, which key can be shared with anybody?

Public key (A)

What is the primary advantage of a serverless environment for software developers?

Focus on writing code instead of server installation (B)

What feature of serverless cloud functions can help handle peak workloads?

Auto-scaling (A)

What security advice would be important for a team using serverless cloud functions?

Follow secure coding guidelines and avoid hard coding credentials into code (D)

What is the primary advantage of using serverless cloud functions for software developers?

Auto-scaling to handle peak workloads (B)

In the context of security and cryptography, which key can be shared with anybody?

Public key (D)

What is the specific target of a Golden Security Assertion Markup Language (SAML) type of attack?

Compromising an identity provider private key (A)

What type of attack involves compromising an identity provider's private key to forge authentication tokens?

Golden Security Assertion Markup Language (SAML) attack (D)

What feature of serverless cloud functions can help handle peak workloads?

Auto-scaling (A)

What is a potential consequence of an Instance Metadata Service (IMDS) attack on AWS EC2 instances?

Exposure of roles assigned to the VM and access keys configured for the specific VM (D)

In the context of Content Delivery Network (CDN) cache poisoning attacks, what could be a potential consequence of injecting malicious content into the CDN cache?

Denial-of-Service (DoS) attack to bring down origin servers (D)

What is the primary function of an Access Key in the context of AWS security?

Granting specific programmatically authentication to AWS resources (C)

In the context of cloud security, what is the potential impact of compromising an identity provider's private key?

Forging authentication tokens for unauthorized access to cloud resources (C)

What is the primary purpose of a Content Delivery Network (CDN) in cloud computing?

To strategically store copies of data from origin web servers near end users for efficient content delivery (D)

Flashcards are hidden until you start studying