Free 312-50v13 Questions Attempt

The correct answer is A. IMDS Attack.

The scenario describes an attacker executing code from inside a cloud instance and retrieving temporary credentials associated with the instance role. This is characteristic of an Instance Metadata Service (IMDS) attack. Cloud platforms expose metadata services to instances so applications can retrieve configuration and role credentials. If an attacker gains code execution on the instance, they may query IMDS and steal temporary credentials.

A cloud security reference explains that when an EC2 instance is associated with an instance profile, temporary security credentials are automatically provided to the instance through the Instance Metadata Service (IMDS) . In the scenario, the tester abuses this behavior after gaining code execution through the vulnerable web application.

Option B. CPDoS Attack is incorrect because Cache Poisoned Denial-of-Service targets caching behavior to cause service denial.

Option C. Cloud Snooper Attack is incorrect because Cloud Snooper refers to bypassing firewall controls and command-and-control through cloud infrastructure paths.

Option D. Wrapping Attack is incorrect because wrapping attacks commonly target SOAP/XML signatures or request manipulation, not cloud instance metadata credentials.

Therefore, the best answer is A. IMDS Attack.

The risk described is increased attack surface caused by unnecessary services and protocols running on a web server—specifically NetBIOS and SMB. The most direct hardening action to mitigate this is to block/disable unnecessary ports and protocols so they are not exposed to the network and cannot be abused by attackers. Option D captures that principle: reduce exposure by closing ports and restricting protocols that are not required for the server’s role.

A well-hardened web server should run only the services needed to deliver its intended web functionality (e.g., HTTP/HTTPS and necessary management interfaces under strict control). Services like SMB (commonly TCP 445/139) and NetBIOS (UDP 137/138, TCP 139) are not normally required for public-facing web hosting and are frequent targets for enumeration and exploitation. Leaving such services open can enable attackers to perform credential attacks, exploit legacy vulnerabilities, access shared resources, or pivot further into the environment. By blocking or disabling these ports at the host firewall and/or perimeter firewall, the organization reduces reachable attack paths and limits what an external attacker can interact with.

Why the other options are less direct:

Dedicated machine (A) can help separation of duties, but if unnecessary services still run, the attack surface remains.

Risk assessment for patching (B) is important, but it doesn’t immediately remove the exposure created by unneeded services.

Eliminating unnecessary files (C) addresses file-system exposure, not open network services like SMB/NetBIOS.

Because the problem is explicitly about unnecessary open services/protocols, the best mitigation is D. Block all unnecessary ports, ICMP traffic, and protocols (i.e., minimize exposed services).

The correct answer is D. Integrity. In the CIA triad, integrity refers to protecting information from unauthorized alteration, modification, or revision, whether the data is stored at rest or moving across a network. CEH-aligned material explains that integrity ensures data received is exactly the same as the data originally sent, and any addition, deletion, or alteration means integrity has been compromised. The question states that an attack altered the contents of two critical files, which directly indicates unauthorized modification of data. This is an integrity violation because the trustworthiness, accuracy, and reliability of those files can no longer be guaranteed. Availability is incorrect because availability concerns whether systems or data are accessible when needed. Authentication is incorrect because it verifies the identity of a user, device, or process. Confidentiality is also incorrect because confidentiality focuses on secrecy and preventing unauthorized disclosure, not file modification. Therefore, an attack that changes critical file contents is best described as an integrity attack.