👻🕸️ Cybersecurity Awareness Month Sale - 50% off select memberships! 🕸️👻

5 days, 1 hour remaining!

Free CompTIA PenTest+ PT0-002 Practice Question

In a red team exercise against a company's cloud infrastructure, you discover that the Elastic Compute Cloud (EC2) instances are configured to allow any attached role to access the instance metadata service without restrictions. With this misconfiguration in mind, what sophisticated technique should be used to carry out an attack that leverages the instance metadata service to gain escalated privileges within the cloud environment?

  • Use NTLM relay attacks to capture authentication details and replay them against the metadata service for escalated cloud privileges.

  • Engage in Kerberoasting to steal Kerberos tickets from the EC2 instances and gain access to the metadata service.

  • Perform a VLAN hopping attack to bypass network segmentation and access the metadata service from a compromised instance within the same VLAN.

  • Execute a Direct-to-Origin attack by accessing the instance metadata service directly to retrieve security credentials for IAM role escalation.

This question's topic:
CompTIA PenTest+ PT0-002 / 
Attacks and Exploits
Your Score:

Check or uncheck an objective to set which questions you will receive.