Exam CCSP topic 1 question 462 discussion

Should be C . DDOS is not limited to the public cloud .

Multitenant Environments: -Conflict of Interest -Escalation of Privilege -Information Bleed -Legal Activity the answer is Dos/DDOS

While Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are a risk in any cloud environment, they are not specific to multitenancy in the public cloud. DoS/DDoS attacks target availability, affecting all cloud models, including public, private, hybrid, and community clouds. Public Cloud Multitenancy Risks: B. Information Bleed → Shared resources (e.g., memory, storage) could accidentally leak data between tenants. C. Risk of Loss/Disclosure Due to Legal Seizures → Data stored in a public cloud may be subject to legal actions against other tenants, resulting in potential data exposure or loss. D. Escalation of Privilege → If an attacker exploits a vulnerability in the cloud provider's infrastructure, they could gain elevated privileges, impacting multiple tenants.

A. DoS/DDoS Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are not specific to multitenancy or public cloud environments. These types of attacks can target any system connected to the internet, regardless of the underlying cloud model or multitenancy structure. They are a common threat across all types of networked environments.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are not risks specific to multitenancy in the public cloud. The other options, such as information bleed, risk of loss/disclosure due to legal seizures, and escalation of privilege, are risks associated with multitenancy in the public cloud environment.

D- Escalation of privilege

Answer is C. In normal envrionments a device being captured won't effect other tenents cox there are no tenants. its a risk experienced for all the tenants in cloud

D: Escalation of privilege

it says except answer is A all other are multi-tenant "issues"

Following the official guide, in multi tenant environments there is not DDoS in Multitenant environments. My sense says that DDoS is possible in all the models.

Poorly worded question.

C. Risk of loss/disclosure due to legal seizures

Question asks for this if you translate it well: Which risk is not linked to public cloud due to multitenancy?

C. the legal seizures can impact other customers in the cloud because of multitenancy, the solution is the encryption to avoid the problem. The DOS/DDOS could impact also in other kind of cloud

A.DDOS should be correct as DDOS is not a multitenancy related risk

I'm not disagreeing with the answer, but escalation of privilege also exists in traditional environments. Escalation of privileges is a very standard phase of a pen test.